Password Policy

This section helps system administrator to configure the password policy and rules for their organization. To setup password policy please follow below mention steps:

  • Login with valid credentials
  • Click on setting icon on top right-hand side of home page
  • Click Advanced and then click password policy

There are three sections to password policy as mentioned below:

 

Complexity

A complex password uses different types of characters in unique ways to increase security and is difficult to detect by both humans and computer programs, effectively protecting data from unauthorized access. Passwords are typically case-sensitive, so a strong password contains letters in both uppercase and lowercase and can have combination of different special characters.

MDO uses below characteristics to make password more secure:

Options Description
Uppercase (A-Z) This check box force user to add at least 1 character in upper case in password.
Lowercase (A-Z) This checkbox force user to add at least 1 character in lower case in password.
Digit (0-9) This checkbox force user to add at least 1 numeric character in password.
Special characters This checkbox force user to add at least 1 special character in password.
Initial Login reset password? This checkbox force user to change the password on initial /first login.

This option will come into picture when administrator sets or reset your password.

 

Password Restrictions

There are two type of restrictions which you can apply on your password policy. Below table provides some brief information on restriction types:

 

Options Description
System defined Value MDO comes with predefined restriction types which can be used in password policy such as:

·         First Name

·         Last name

·         User id

When setting up a password if these restriction rules are applied then user can not use first name, last name or user id in their passwords. To add system defined value restrictions follow below steps:

1)      Click on “Add text

2)      Select restriction type as “System Defined Value

3)      Select restriction value and click save.

4)      To add other values as well in restriction, repeat the process again from step 1.

User defined value There are some specific values or characters which admin may wish to restrict in password. To add user defined restriction, follow below steps:

1)      Click on “Add text

2)      Select restriction type as “User defined value

3)      Enter the value which you want to restrict i.e. “# “or “@” or “Prospecta” and click save

4)      To add other values as well in restriction, repeat the process again from step 1.

 

Other Details

Other than complexity and restriction rules there are other criteria’s which you can apply on password policy to make password more secure. Below table will explain these options:

Options Description
Password Length Password length describe the minimum length of password. In general minimum of 8 character of password length is recommended and may be set more as per the company password policy.
Password History count Password history count insures that same password is not used again. For example, if we put history count as “3” then user can not use last 3 passwords.
Password Age (Days) The Maximum password age policy setting determines the period (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after several days between 1 and 999.
Account locked after failed login attempts The system provides option that enable you to specify the number of failed logins attempts before a user account is locked. For example, if your failed login attempt is set as “4” then after 4 wrong login attempts user account gets locked. Only administrator can unlock the user account if locked.