Difference between revisions of "Logging In / System Access"
Alanconway (talk | contribs) (→Single Stage Login) |
Alanconway (talk | contribs) (→Welcome Message) |
||
| Line 59: | Line 59: | ||
=Welcome Message= | =Welcome Message= | ||
| + | |||
| + | This is visible to all users on the Welcome Page, and on the second login stage if using the two-step process. You can use this section to add important information, service announcements, messages of the day etc. You can also change the font size, add bullet points etc just like you would do with a conventional document. | ||
| + | |||
| + | [[File:welcomepage_jul24.png]] | ||
=Organisation Password= | =Organisation Password= | ||
=External Links= | =External Links= | ||
Revision as of 10:18, 9 July 2024
PAGE UNDER CONSTRUCTION
Contents
Security Rules
The Security Rules tab shows security rules for your system.
Usernames
- minimum length of usernames
- minimum number of uppercase characters
- minimum number of numeric characters
Failed logins
- set a lockout period in minutes, after a number of failed login attempts
- Require Adminstrator Reset After Failed Logins? - choose whether or not to lock out users until an administrator resets their account (after failed logins)
User Inactivity
Set the length of the countdown timer that operates to log users out automatically.
2 Factor Authentication
Choose whether to use 2 Factor Authentication or not. You will need to have the TextAnywhere service enabled but you can also choose to authenticate user logins with an email instead of a text. Enable the option, then choose email or text.
Password Rules
The Password Rules tab contains system-wide settings relating to user passwords. On this screen you will see:
- Do not allow the reuse of previous - It would be recommended that this has at 10 previous passwords denied.
- Number of Days Before User Password Change Required - If set to zero then users will never be prompted to change their password. A typical time period is 60 days, this is around two months.
- Minimum Password Strength
Charitylog has an in-built strength checker which can force the users to create stronger passwords. This can look at commonly used words and the overall perceived strength of the chose password. Users are then prevented from using a weak password, even though it may have met conventional rules about the number of characters used. The default option is set to Strong. We would recommend users are coached to choose a stronger password by combining random/memorable words into a single phrase. For example, the password Purplemonkeydishwasher is much easier to remember and stronger than Pa55w0rd. In short, length is strength and the longer the password is, the more secure it is. But remember to make it easy for the user to remember but personal to them so only they would know.
If you have contractual requirements for specific password strength rules, you can click on the chevron which reveals the below options.
- Minimum Length of User Passwords - This specifies the minimum length that a users password can be. We would recommend at least seven to eight characters.
- Minimum Number of Upper Case Characters In Password - It is recommended that you include at least one uppercase character.
- Minimum Number of Non Alpha-numeric Characters (_:!&()?-@,.+) in Password - It is recommended that you include at least one special character.
- Maximum Number of Identical Consecutive Characters In Password - Allowing consecutive characters can make a weak password. Example; aaaaaaa1
- Allow User's System Username In Password - It is recommended to set this to "Do not Allow".
- Allow User's Real Name In Password - It is recommended to set this to "Do not Allow".
- Allow Organisation Name In Password - It is recommended to set this to "Do not Allow".
- Allow Browser to Save Username and Password - It is recommended to set this to "Do not Allow".
Single Stage Login
Essentially, there are two options to consider when logging into your system. You can either present users with an organisation-wide username and password, or you can present them with a specific URL they can click on and simply enter their own username and password. To retain the conventional 2-stage login process, choose the option which says Using a two-step process.
If you wish to create a dedicated UR, choose the option which says Directly to this system, using a custom URL as seen below. You can then customise the URL or use the default provided. The URL will be provided underneath so you can copy and paste. This can then be added to the favourites on your browser or even added as your homepage.
Welcome Message
This is visible to all users on the Welcome Page, and on the second login stage if using the two-step process. You can use this section to add important information, service announcements, messages of the day etc. You can also change the font size, add bullet points etc just like you would do with a conventional document.
