Password Policies
Password configuration options provide you to setup password rules and alerts to improve user accounts security and notification on multiple incidents. Site admin can set password min length,complexity requirements,expiry period,new password rule and much more. Site admin can configure password policies settings available in Site Admin > Security tab.
Security Incident Reporter
Password guessing is a common type of security attack. In this type of attack, a hacker attempts to log in to a computer using various combinations of usernames and passwords. EduBrite LMS provides a set of security settings to protect user accounts from intruders. Several security incidents like multiple password changes in a day with optional alert to site admin, multiple invalid logins attempts with an optional lockout and alert to site admin, the new device used to login with an optional alert to the user can be reported.
Property | Description |
---|---|
Minimum password length | The minimum number of characters required for a password. When you set this value, existing users aren't affected until the next time they change their passwords. The default is 6 characters. The maximum is 30 characters. |
Password complexity requirement |
The requirement for which types of characters must be used in a user's password.
|
User password expiry period in days | The number of days until user's password expires and must be changed. |
Enforce Password History | Save users' previous passwords so that they must always reset their password to a new, unique password. Password history is not saved until you set this value. |
Maximum password changes allowed in a day | The maximum number of times password can be changed by a user, on exceeding which an alert can be sent to site admin. |
Send alert to site admins on exceeding max password changes allowed in a day | When you select this option, an alert will be sent to site admin when a user exceeds the maximum number of password changes allowed in a day. |
Maximum invalid login attempts | The number of login failures allowed for a user before they get locked out. |
Send alert to site admins on exceeding max invalid login attempts | When you select this option, an alert will be sent to site admin when a user exceeds maximum invalid login attempts. |
Lockout period in minutes | The duration of the login lockout in minutes. |
Record new device signin info | If there is any login attempt to user's account from a new device or IP, the activity gets logged, which can be further used to send an alert to the user to secure his account. |
Alert user about the new device used to signin | If there is any login attempt to user's account from a device or IP that is different from the previous devices or IP, an email alert is sent to the user. |