Password policy and security alerts

Password Policies

Password configuration options provide you to setup password rules and alerts to improve user accounts security and notification on multiple incidents. Site admin can set password min length,complexity requirements,expiry period,new password rule and much more. Site admin can configure password policies settings available in Site Admin > Security tab.
 

Security Incident Reporter

Password guessing is a common type of security attack. In this type of attack, a hacker attempts to log in to a computer using various combinations of usernames and passwords. EduBrite LMS provides a set of security settings to protect user accounts from intruders. Several security incidents like multiple password changes in a day with optional alert to site admin, multiple invalid logins attempts with an optional lockout and alert to site admin, the new device used to login with an optional alert to the user can be reported.
 
 
 
 
Property Description
Minimum password length The minimum number of characters required for a password. When you set this value, existing users aren't affected until the next time they change their passwords. The default is 6 characters. The maximum is 30 characters.
Password complexity requirement 

The requirement for which types of characters must be used in a user's password.

  • No restriction: The default setting. Has no requirements and is the least secure option.
  • Must mix alphabets and numbers: Requires at least one alphabetic character and one number.
  • Must mix alphabets, numbers and special characters: Requires at least one alphabetic character, one number, and one of the following characters: ! @ & # $ % _ ? * < >.
  • Must mix numbers and uppercase and lowercase letters: Requires at least one number, one uppercase letter, and one lowercase letter.
  • Must mix numbers, special characters, uppercase and lowercase letters: Requires at least one number, one uppercase letter, one lowercase letter, and one of the following characters: ! @ & # $ % _ ? * < >.
User password expiry period in days  The number of days until user's password expires and must be changed.
Enforce Password History  Save users' previous passwords so that they must always reset their password to a new, unique password. Password history is not saved until you set this value.
Maximum password changes allowed in a day  The maximum number of times password can be changed by a user, on exceeding which an alert can be sent to site admin.
Send alert to site admins on exceeding max password changes allowed in a day When you select this option, an alert will be sent to site admin when a user exceeds the maximum number of password changes allowed in a day.
Maximum invalid login attempts  The number of login failures allowed for a user before they get locked out.
Send alert to site admins on exceeding max invalid login attempts When you select this option, an alert will be sent to site admin when a user exceeds maximum invalid login attempts.
Lockout period in minutes The duration of the login lockout in minutes.
Record new device signin info  If there is any login attempt to user's account from a new device or IP, the activity gets logged, which can be further used to send an alert to the user to secure his account.
Alert user about the new device used to signin  If there is any login attempt to user's account from a device or IP that is different from the previous devices or IP, an email alert is sent to the user.
 

 

 


Rating: