Difference between revisions of "Logging In / System Access"
Alanconway (talk | contribs) (Created page with "right PAGE UNDER CONSTRUCTION __TOC__ =Security Rules= =Password Rules= =Single Stage Login= =Welcome Message= =Organisation Password= =...") |
Alanconway (talk | contribs) (→Password Rules) |
||
Line 9: | Line 9: | ||
=Password Rules= | =Password Rules= | ||
+ | |||
+ | [[File:oprulespasswords.png]] | ||
+ | |||
+ | The Password Rules tab contains system-wide settings relating to user passwords. On this screen you will see: | ||
+ | |||
+ | * '''Do not allow the reuse of previous''' - It would be recommended that this has at 10 previous passwords denied. | ||
+ | * '''Number of Days Before User Password Change Required''' - If set to zero then users will never be prompted to change their password. A typical time period is 60 days, this is around two months. | ||
+ | * '''Minimum Password Strength''' | ||
+ | |||
+ | Charitylog has an in-built strength checker which can force the users to create stronger passwords. This can look at commonly used words and the overall perceived strength of the chose password. Users are then prevented from using a weak password, even though it may have met conventional rules about the number of characters used. The default option is set to ''Strong''. We would recommend users are coached to choose a stronger password by combining random/memorable words into a single phrase. For example, the password ''Purplemonkeydishwasher'' is much easier to remember and stronger than ''Pa55w0rd''. In short, length is strength and the longer the password is, the more secure it is. But remember to make it easy for the user to remember but personal to them so only they would know. | ||
+ | |||
+ | If you have contractual requirements for specific password strength rules, you can click on the chevron which reveals the below options. | ||
+ | |||
+ | * '''Minimum Length of User Passwords''' - This specifies the minimum length that a users password can be. We would recommend at least seven to eight characters. | ||
+ | * '''Minimum Number of Upper Case Characters In Password''' - It is recommended that you include at least one uppercase character. | ||
+ | * '''Minimum Number of Non Alpha-numeric Characters (_:!&()?-@,.+) in Password''' - It is recommended that you include at least one special character. | ||
+ | * '''Maximum Number of Identical Consecutive Characters In Password''' - Allowing consecutive characters can make a weak password. Example; aaaaaaa1 | ||
+ | * '''Allow User's System Username In Password''' - It is recommended to set this to "Do not Allow". | ||
+ | * '''Allow User's Real Name In Password''' - It is recommended to set this to "Do not Allow". | ||
+ | * '''Allow Organisation Name In Password''' - It is recommended to set this to "Do not Allow". | ||
+ | * '''Allow Browser to Save Username and Password''' - It is recommended to set this to "Do not Allow". | ||
=Single Stage Login= | =Single Stage Login= |
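Review bot: The '''Minimum Length of User Passwords''' bullet recommends "at least seven to eight characters", which gives two values for a single minimum setting; state one number so administrators know what to enter. In the same hunk, the '''Minimum Password Strength''' bullet has no description of its own and relies on the paragraph after the list, the '''Maximum Number of Identical Consecutive Characters In Password''' bullet gives an example but no recommended value, and the wording needs a proofread ("has at 10 previous passwords denied", "the chose password", "a users password").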
Revision as of 09:49, 9 July 2024
PAGE UNDER CONSTRUCTION
Security Rules
Password Rules
The Password Rules tab contains system-wide settings relating to user passwords. On this screen you will see:
- Do not allow the reuse of previous - It is recommended that this is set so that the previous 10 passwords are denied.
- Number of Days Before User Password Change Required - If set to zero then users will never be prompted to change their password. A typical time period is 60 days, which is around two months.
- Minimum Password Strength
Charitylog has an in-built strength checker which can force users to create stronger passwords. It can look at commonly used words and the overall perceived strength of the chosen password. Users are then prevented from using a weak password, even though it may have met conventional rules about the number of characters used. The default option is set to Strong. We would recommend users are coached to choose a stronger password by combining random/memorable words into a single phrase. For example, the password Purplemonkeydishwasher is much easier to remember and stronger than Pa55w0rd. In short, length is strength: the longer the password is, the more secure it is. Remember that the password should be easy for the user to remember but personal to them, so that only they would know it.
If you have contractual requirements for specific password strength rules, you can click on the chevron, which reveals the options below.
- Minimum Length of User Passwords - This specifies the minimum length that a user's password can be. We would recommend at least seven to eight characters.
- Minimum Number of Upper Case Characters In Password - It is recommended that you include at least one uppercase character.
- Minimum Number of Non Alpha-numeric Characters (_:!&()?-@,.+) in Password - It is recommended that you include at least one special character.
- Maximum Number of Identical Consecutive Characters In Password - Allowing consecutive identical characters can make a weak password. Example: aaaaaaa1
- Allow User's System Username In Password - It is recommended to set this to "Do not Allow".
- Allow User's Real Name In Password - It is recommended to set this to "Do not Allow".
- Allow Organisation Name In Password - It is recommended to set this to "Do not Allow".
- Allow Browser to Save Username and Password - It is recommended to set this to "Do not Allow".
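
The composition rules listed above can be checked as in the following sketch. This is an added example, not Charitylog's own code: the field names, the limit of two identical consecutive characters, the three-character minimum for name fragments and the sample user details are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

SPECIALS = set("_:!&()?-@,.+")  # the non alpha-numeric set listed on the page


@dataclass
class PasswordRules:
    # Values follow the page's recommendations; field names are hypothetical.
    min_length: int = 8
    min_upper: int = 1
    min_special: int = 1
    max_identical_run: int = 2  # assumed value; the page gives no number
    allow_username: bool = False
    allow_real_name: bool = False
    allow_org_name: bool = False


def longest_run(password: str) -> int:
    """Length of the longest run of one repeated character."""
    return max((len(m.group(0)) for m in re.finditer(r"(.)\1*", password)), default=0)


def check_password(password, rules, username, real_name, org_name):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < rules.min_length:
        problems.append("too short")
    if sum(c.isupper() for c in password) < rules.min_upper:
        problems.append("not enough upper case characters")
    if sum(c in SPECIALS for c in password) < rules.min_special:
        problems.append("not enough non alpha-numeric characters")
    if longest_run(password) > rules.max_identical_run:
        problems.append("too many identical consecutive characters")
    lowered = password.lower()
    banned = []
    if not rules.allow_username:
        banned.append(("username", [username]))
    if not rules.allow_real_name:
        banned.append(("real name", real_name.split()))
    if not rules.allow_org_name:
        banned.append(("organisation name", org_name.split()))
    for label, parts in banned:
        # Case-insensitive, per word; fragments under 3 characters are ignored (assumption).
        if any(len(p) >= 3 and p.lower() in lowered for p in parts):
            problems.append(f"contains {label}")
    return problems
```

With these settings the passphrase Purplemonkeydishwasher is rejected for lacking a special character, so the composition rules and the coaching advice need to be aligned (for example Purple-monkey-dishwasher passes).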