This page will explain how to manage all kind of policies related to the account, especially those related to passwords, audit results privacy and user accounts.
Contents:
| Table of Contents |
|---|
Account Policies
Go to Account Management > Account Policies to set a password policy for your account.
There is a default policy (8 characters, 2 numbers), but this policy can also be customized.
Password strength
You can configure the strength (complexity) of the passwords by specifying:
a minimum length for passwords
how many uppercases, lowercases, digits, and special characters should contain the password
Password History
Enforcing the Password History policy will set how often an old password can be reused. You can define the number of previous passwords remembered. This policy discourages users from reusing a previous password, thus preventing them from alternating between several common passwords.
Password expiration (days)
Apply this policy to determine how long users can keep a password before they are required to change it, thus forcing users to periodically change it. Once the password expiration date is reached, the user will be redirected to a “change your password” page.
Login attempts
Setting the maximum number of allowed login attempts provides protection against “brute-force” or dictionary-based attempts to guess passwords. You can specify a maximum number of consecutive login attempts allowed, after which the account is automatically locked. Only the Kiuwan owner (or a Kiuwan user with Users Management privilege) can enable the locked account.
User’s Accounts
Audit's Results Privacy Policy
In this page of Kiuwan administration you can also customize the level of privacy for audit results URLs generated:
User Accounts Policy
This section is intended to manage policies related to user accounts. You can set a policy to automatically disable those users that remain inactive for a period of time.
Such policy does not apply to account owners or administrators, because typically these roles can be inactive for long periods of time between one system tune-up and the next.