Difference between revisions of "Logging In / System Access"

From Charitylog Manual
(Password Rules)
(Security Rules)
Line 7: Line 7:
  
 
=Security Rules=
 
=Security Rules=
 +
 +
The Security Rules tab shows security rules for your system.
 +
 +
===Usernames===
 +
* '''minimum length of usernames'''
 +
* '''minimum number of uppercase characters'''
 +
* '''minimum number of numeric characters'''
 +
 +
===Security Rules - Failed logins===
 +
* '''set a lockout period in minutes, after a number of failed login attempts'''
 +
* '''Require Adminstrator Reset After Failed Logins?''' - choose whether or not to lock out users until an administrator resets their account (after failed logins)
 +
 +
===Security Rules - User Inactivity===
 +
Set the length of the countdown timer that operates to log users out automatically.
 +
 +
===Security Rules - 2 Factor Authentication===
 +
Choose whether to use 2 Factor Authentication or not. You will need to have the [[TextAnywhere]] service enabled but you can also choose to authenticate user logins with an email instead of a text. Enable the option, then choose email or text.
 +
 +
[[File:2factoroptions.png]]
  
 
=Password Rules=
 
=Password Rules=
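Review bot: The added 2 Factor Authentication paragraph leaves it unclear whether the TextAnywhere service is still required when email is chosen, since it says "You will need to have the [[TextAnywhere]] service enabled but you can also choose to authenticate user logins with an email instead of a text". Suggest saying explicitly which option depends on TextAnywhere. Also, "Adminstrator" in the Failed logins bullet is misspelled, and the three Usernames bullets and the lockout bullet are added without any description of what the setting does.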

Revision as of 09:53, 9 July 2024


PAGE UNDER CONSTRUCTION


Security Rules

The Security Rules tab shows security rules for your system.

Usernames

  • minimum length of usernames
  • minimum number of uppercase characters
  • minimum number of numeric characters

Security Rules - Failed logins

  • Set a lockout period in minutes, after a number of failed login attempts
  • Require Administrator Reset After Failed Logins? - choose whether or not to lock out users until an administrator resets their account (after failed logins)

Security Rules - User Inactivity

Set the length of the countdown timer that operates to log users out automatically.

Security Rules - 2 Factor Authentication

Choose whether to use 2 Factor Authentication or not. You will need to have the TextAnywhere service enabled but you can also choose to authenticate user logins with an email instead of a text. Enable the option, then choose email or text.


Password Rules


The Password Rules tab contains system-wide settings relating to user passwords. On this screen you will see:

  • Do not allow the reuse of previous - It is recommended that this is set so that at least 10 previous passwords are denied.
  • Number of Days Before User Password Change Required - If set to zero then users will never be prompted to change their password. A typical time period is 60 days, which is around two months.
  • Minimum Password Strength

Charitylog has an in-built strength checker which can force users to create stronger passwords. This can look at commonly used words and the overall perceived strength of the chosen password. Users are then prevented from using a weak password, even though it may have met conventional rules about the number of characters used. The default option is set to Strong. We would recommend users are coached to choose a stronger password by combining random/memorable words into a single phrase. For example, the password Purplemonkeydishwasher is much easier to remember and stronger than Pa55w0rd. In short, length is strength: the longer the password is, the more secure it is. But remember to make it easy for the user to remember, yet personal to them so that only they would know it.

If you have contractual requirements for specific password strength rules, you can click on the chevron which reveals the below options.

  • Minimum Length of User Passwords - This specifies the minimum length that a user's password can be. We would recommend at least seven to eight characters.
  • Minimum Number of Upper Case Characters In Password - It is recommended that you include at least one uppercase character.
  • Minimum Number of Non Alpha-numeric Characters (_:!&()?-@,.+) in Password - It is recommended that you include at least one special character.
  • Maximum Number of Identical Consecutive Characters In Password - Allowing identical consecutive characters can make a weak password. Example: aaaaaaa1
  • Allow User's System Username In Password - It is recommended to set this to "Do not Allow".
  • Allow User's Real Name In Password - It is recommended to set this to "Do not Allow".
  • Allow Organisation Name In Password - It is recommended to set this to "Do not Allow".
  • Allow Browser to Save Username and Password - It is recommended to set this to "Do not Allow".
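
The conventional rules listed above can be expressed as a small validator. This is an added example, not Charitylog's own code and not its in-built strength checker; the `PasswordRules` defaults, the function names and the sample user details are assumptions made for illustration.

```python
from dataclasses import dataclass

SPECIALS = set("_:!&()?-@,.+")  # non alpha-numeric set listed on this page


@dataclass
class PasswordRules:
    # Assumed values, chosen to follow the recommendations above.
    min_length: int = 8
    min_upper: int = 1
    min_special: int = 1
    max_identical_run: int = 2   # assumed; the page gives no number
    allow_username: bool = False
    allow_real_name: bool = False
    allow_org_name: bool = False


def longest_run(password):
    """Length of the longest run of one repeated character."""
    longest = current = 0
    previous = None
    for ch in password:
        current = current + 1 if ch == previous else 1
        longest = max(longest, current)
        previous = ch
    return longest


def violations(password, rules, username="", real_name="", org_name=""):
    """Return the list of rules the password breaks (empty list = accepted)."""
    found = []
    if len(password) < rules.min_length:
        found.append("too short")
    if sum(ch.isupper() for ch in password) < rules.min_upper:
        found.append("too few upper case characters")
    if sum(ch in SPECIALS for ch in password) < rules.min_special:
        found.append("too few non alpha-numeric characters")
    if longest_run(password) > rules.max_identical_run:
        found.append("too many identical consecutive characters")
    lowered = password.lower()
    banned = [("username", rules.allow_username, [username]),
              ("real name", rules.allow_real_name, real_name.split()),
              ("organisation name", rules.allow_org_name, org_name.split())]
    for label, allowed, words in banned:
        # Words under 3 characters are ignored (assumption, avoids noise).
        if not allowed and any(len(w) >= 3 and w.lower() in lowered for w in words):
            found.append(f"contains {label}")
    return found
```

Under these conventional rules Pa55w0rd and Purplemonkeydishwasher get the same result (both fail only the special-character rule), which is the gap the in-built strength checker is described as covering.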

Single Stage Login

Welcome Message

Organisation Password

External Links