Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page will explain explains how to to manage all kind kinds of policies related to the account, especially those related to passwords, audit results, privacy, and user accounts.

Contents

Table of Contents

 

Account Policies

Go to Account Management > Account Policies to set a password policy for your account. 

There is a default policy (8 characters, 2 numbers), but this policy can also be customized. Image Removedis customizable.

Image Added

Password strength

You can configure the strength (complexity) of the passwords by specifying the following rules:

  • a The minimum password length for passwordshow many uppercases, lowercases, .
  • The number of uppercase and lowercase letters, digits, and special characters that a password should contain the password.

Password History 

Enforcing the Password History policy

will set

sets how often an old password can be reused. You can define the number of previous passwords remembered

. This policy discourages

, discouraging users from reusing

a

previous

password, thus

passwords and preventing them from alternating between several common passwords.

Password expiration (days)

Apply this policy to determine how long users can keep a password before they are required to change it, thus forcing users to periodically change it. Once the password expiration date is reached, the user will be redirected user  redirects to a “change your password” page. 

Login attempts

Setting the maximum number of allowed login attempts provides protection protects against “brute-force” or dictionary-based attempts to guess passwords. You can specify a maximum number of consecutive login attempts allowed , after which the account is automatically locked.

Only the Kiuwan owner (or a Kiuwan user with Users Management privilege) can enable the locked account.

 

Audit's Results Privacy Policy

 

In this page of Kiuwan administration you can also customize the level of privacy for audit results URLs generated:

 

Image Removed

 User Accounts Policy

This section is intended to manage policies related to user accounts. You can set a policy to automatically disable those users that remain inactive for a period of time.

Image Removed

Such policy does not apply to account owners or administrators, because typically these roles can be inactive for long periods of time between one system tune-up and the next.

 

 

Do not enforce Password Reset at first login

By default, whenever Kiuwan generates a new password, the user has to change the password for the first time. When the option “Do not enforce Password Reset at first login” is set up, this behavior is disabled.

You can create a new password in the following situations:

  • Creation of a new user.
  • Resetting a password (by the administrator).
  • Following the “Forgot my password” process on the main login page.