User login password complexity and multi-factor authentication requirements for ei3 applications can be controlled in two ways. A set of requirements is defined to create a “Password Rule” that applies for company-wide use, and rules can be distinct between the different access levels of users within a Mother Company in the Customer Portal. All rules may only be created and managed by Remote Service super-admin users.

A Remote Service super-admin user would first create one default rule for all users for their own company. This default rule will also apply to all the customer Mother Companies in the Customer Portal that were set up by that parent Remote Service company, unless a separate rule set is created for those companies. Such separate rules can also be segregated by user access level (non-admin, location admin, division admin, company admin).

Accordingly, additional, distinct rules may be created for individual customer Mother Companies, if the requirements for such a company are more stringent than the Remote Service users. Such a rule would apply to the relevant Customer Portal users of that Mother Company.

Creating or Editing Password Rules

Log into Remote Service, go to Admin and then click on the Password Rules menu item. This will take you to the following page:

Graphical user interface, text, application, email

Description automatically generated

To create a new password rule, click on the  next to the Action column. The super admin should first create a default password rule for their own company and all its customer companies in the associated Customer Portal. Then if different requirements are desired for a specific mother company, a different rule can be created for just that mother company. A rule for a specific mother company will only apply as the unique default for all users in that company. In addition, password rules can be created for the different user access levels at the customer mother company. In summary, the super admin can create different password rules for different companies or different user access levels.

Graphical user interface, application

Description automatically generated

Password Complexity Composition Limits

The following composition limits apply to all password rules:

Composition Requirements

Number of Characters

Length

Between 8 and 128

Minimum Alphabetical Characters

Between 1 and 10

Minimum Numeric Characters

Between 1 and 10

Minimum Special Characters

Between 1 and 10

Minimum Uppercase Characters

Between 1 and 10

Minimum Lowercase Characters

Between 1 and 10

A number of characters must be defined within the limits for each composition requirement. The super admin can also enable the rejection of commonly used words as passwords and user-derived words as passwords by selecting the relevant boxes to enable them.

Password Security Setting Limits

The following security setting limits apply to all password rules:

Security Setting Requirements

Number of days / tries

Maximum Password Life

Between 1 and 3650 days

Password Change Reminder

Between 1 and 365 days

Failed Login Attempts

Between 1 and 10 times

Password History Length

Between 1 and 10 passwords

Lock Inactive Users After

Between 1 and 3650

The Password Change Reminder and Password Length History sections also have the info icon to explain what that section means.

Graphical user interface, application

Description automatically generated

The Password Change Reminder shows a reminder message to the user of how many days before the password will expire and they will be forced to change their password. In this case, the reminder message will appear every day starting 7 days before the password expires (day 83 of the 90 day maximum password life).

The Password History Length is the number of times a password must be subsequently changed before an old password can be reused. In this case, after changing the password 3 times since a particular password was last used, the user can use that same particular password again.

Multi Factor Authentication

In this section, the super admin can choose whether they want to enable two-factor authentication. This is done by simply clicking the checkbox.

Graphical user interface, text, email

Description automatically generated

A timeout is required when enabling the two-factor authentication. Once the email or text with the code is sent to the user, the value of the timeout provides that quantity of minutes within which the user must use that code. In this case, the user has 2 minutes before that code expires and can no longer be used for login.

© 2020 ei3 Corporation. Content of this web page is proprietary to ei3 Corporation.

Print Friendly, PDF & Email