
Password Policy Configuration



Securing user data is of paramount importance in today's digital age. One of the primary defenses against unauthorized access is a robust password policy. By enforcing stringent password requirements, organizations can significantly reduce the risk of unauthorized access.

The Password Policy Configuration is a set of guidelines and rules that improve computer security by encouraging users to employ strong, secure passwords and use them properly.

Password Configuration Settings:

  1. Enabling Password Policy:

    • Enable the below-specified password policy configurations: When checked, the specific password policies mentioned below will be applied.

  2. Hint Configuration:

    • Hint to be shown when the password policies are not satisfied: This field allows you to input a custom message or hint that will be displayed to users when their password doesn't meet the set requirements.

  3. Incorrect Password Attempts:

    • Disable user on incorrect password attempt: If this is checked, user accounts will be disabled after a set number of incorrect password entries.
    • Number of incorrect password attempts allowed before disabling user: Define how many consecutive wrong password entries will trigger an account lockout.

  4. Password Complexity:

    • Include at least one uppercase character in the password: Passwords must contain at least one capital letter.
    • Include at least one lowercase character in the password: Passwords must contain at least one small letter.
    • Include at least one number in the password: Passwords must contain at least one numeric digit.
    • Include at least one special character in the password: Passwords must contain at least one special character (e.g., !, @, #, etc.).

  5. Reuse of Passwords:

    • Allow reuse of previous passwords: If checked, users can reuse their previous passwords.
    • Number of past passwords to be allowed: Define how many of the user's previous passwords can be reused.

  6. Password Length:

    • Minimum password length required: Set the minimum number of characters a password must have.

  7. Admin Controls:

    • Allow force reset of user password: When checked, allows the system to enforce a password reset for users.
    • Enable Reset Password on password change by Admin: If enabled, users will be prompted to reset their passwords if an admin manually changes them.

  8. Password Expiry:

    • User password expires in: Define the duration (in days) after which a user's password expires and needs to be changed.

  9. Notifications:

    • Send Notification to Users: If enabled, users will be notified of certain password-related events.
    • Force reset password message: Set a custom message to inform users about a forced password reset.

  10. Account Inactivity:

    • Allow auto lock of user account in case of extended account inactivity: Enable this to lock user accounts after a certain period of inactivity.
    • Set account lockdown period: Define the duration of inactivity (in days) that will trigger an account lockout.

  11. Two-Factor Authentication (2FA):

    • Enable: When checked, users will be required to undergo a second step of verification (e.g., via phone or email) after entering their password.
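
The following sketch is an added example, not Vymo's code: it shows how the complexity, length, reuse and incorrect-attempt settings above can be evaluated together when a password is set or a login fails. The field names, default values and the use of salted PBKDF2 hashes for the password history are assumptions made for illustration.

```python
import hashlib
import hmac
import string
from dataclasses import dataclass

@dataclass
class PasswordPolicy:  # hypothetical names mirroring the settings listed above
    min_length: int = 12
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_special: bool = True
    allow_reuse: bool = False
    disable_on_failures: bool = True
    max_failed_attempts: int = 5

def hash_password(password: str, salt: bytes) -> bytes:
    # Past passwords are kept only as salted PBKDF2 hashes, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def violations(policy: PasswordPolicy, candidate: str, history=()) -> list:
    """Return the rules the candidate breaks; history holds (salt, hash) pairs."""
    rules = [
        (policy.require_upper, str.isupper, "needs an uppercase character"),
        (policy.require_lower, str.islower, "needs a lowercase character"),
        (policy.require_digit, str.isdigit, "needs a number"),
        (policy.require_special, lambda c: c in string.punctuation,
         "needs a special character"),
    ]
    problems = []
    if len(candidate) < policy.min_length:
        problems.append(f"needs at least {policy.min_length} characters")
    problems += [msg for on, test, msg in rules
                 if on and not any(test(c) for c in candidate)]
    # Reuse check: hash the candidate with each stored salt, compare in constant time.
    if not policy.allow_reuse and any(
            hmac.compare_digest(hash_password(candidate, salt), old)
            for salt, old in history):
        problems.append("matches a previous password")
    return problems

def should_disable(policy: PasswordPolicy, consecutive_failures: int) -> bool:
    # Disable the account once the configured number of wrong entries is reached.
    return policy.disable_on_failures and consecutive_failures >= policy.max_failed_attempts

# Constructed sample data: one retained past password for a test user.
SALT = b"constructed-salt"
HISTORY = [(SALT, hash_password("Winter#2023pass", SALT))]
```

The list returned by `violations` can be shown alongside the configured hint so the user sees which rule failed.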


How to set the password policy

Step-by-step Guide:

  1. Log into the Vymo web application.
  2. Click on the gear icon located in the upper-right corner to go to self-serve.
  3. Navigate to the "User Management" section and select "Password Policies."
  4. Define your password policy according to the organization's security standards.
  5. Click "Save" to store the drafted changes.
  6. To implement the changes, select "Release changes" and confirm with "Yes, Proceed."
  7. Detail the release information and provide your email ID to receive a one-time password (OTP) for verification.
  8. Input the received OTP and await the confirmation indicating completion.
  9. To view and test the implemented changes, log out and then log back into the application.

Two-factor authentication (2FA)

Two-factor authentication adds an extra layer of security by requiring two methods (also known as factors) to verify your identity. These factors can include something you know (like a password or PIN), something you have (like a smartphone or a security token), or something you are (like your fingerprint). 2FA is designed to prevent unauthorized access even if someone knows your password.

Step-by-step Guide:

  1. Navigate to the "Two-Factor Authentication" section under "Password Policies".

  2. Check the "Enable" option to activate 2FA for the user base.

  3. Configure the desired 2FA method and set the parameters such as OTP length, resend timer, and maximum resend attempts.

  4. Save the configurations and release the changes to apply them across the organization.
