Password Management

 

To enable the enforcement of password policy management, open the Board Server configuration panel and tick the “Manage passwords” check-box.

image152.jpg

 

After enabling the checkbox, restart the service, the following policies will apply:

 

Change Password

- In the “insert/change password” screens, the password complexity is verified:

- Minimum 7 characters, and and must contain a number and a capital

 image277.jpg

 

Five Login Attemps

If a user types for 5 times a wrong password it is disabled for 30 minutes. In case the Admin resets the password (types a new one) the timer is also reset and the user can log-in immediately using the new password.

 image154.jpg

 

 Password expiry

All pwd expire after 90 days. After the expiry period, the user is forced to change his password and can’t proceed until the new pwd has been defined.

image155.jpg

- The user can’t reuse an old password (history of last 5 passwords used).

image156.jpg

 

Default Security Rules Edit

In the configuration file server_config_v2.xml it is possible to customize the following parameters of the policies:

ManagePassword="True" à if “False” then all policies are ignored, if set to “True” then all policies are enforced.

PasswordExpirationDays="90" à expiry period in of the password, in months.

MaxPasswordFails="5" à Number of allowed attempts before the locking occurs

RetryAfterMinutes="30" à Minutes of lock-out before new login attempts are allowed (unless password is reset).

NOTE:

if you change parameters in the XML file, remember to stop/start the Board service in order to apply the new values.

When an administrator gives the first password or resets a password, he can enforce a password change by ticking the check-box “ Force password change at next login”.

image157.jpg