EvaluAgent allows you to define security rules that are unique to your businesses requirements. Using the security settings you can configure:
- Password Expiration: Define how often you want to force users to reset their passwords.
- Minimum Password length: Set a minimum password length that users must adhere to. Optionally, you can also set a different Minimum Password length for anyone who is an admin
- Password Reuse: Force users to enter a different password and stop them reusing a password they may have used in a recent change.
By default, the only rule that can't be turned off is the minimum password length. This is set to 8 characters/numbers by default, but you may change this as required.
Go to Security Settings and click the Password restrictions tab
Here you can configure rules associated with Password Expiry; Password Reuse; Password length; and, Password attempts
By default, passwords are configured to not expire. However, if you choose to activate this feature, you'll be prompted to enter how often Users will be prompted to change their password. The minimum refresh is 30 days.
PLEASE NOTE: When you first activate this feature, all users will be prompted to reset their password on next login.
This rule enables you to stop users from using a recent password again. You configure how many previous passwords you want EvaluAgent to remember and, if a password is in that list. the system won't allow the user to change password. For example, if you enable this rule and set the value to 3, user's won't be able to change their password to any of their previous 3 passwords.
Minimum password length defaults to a minimum of 8 characters, but you can increase this.
In addition, you can assign users with the Administrator role to a different password length. In the example below, non-Admin users have a minimum password length of 9 and users who have been assigned the Admin role have a minimum password length of 12.
This rule allows you to lock a users account after a defined number of incorrect login attempts have been made.
How to unlock accounts
When a user account has become locked, they will access the following message when they try to log in.
To unlock an account that has become locked, go to Admin User Management and then locate the user whose account is locked. Then, click on the burger menu and you will then have an option "Unlock Account".
Once you click, "Unlock Account" you will get a final prompt for you to confirm the unlock.
If you're sure you want to unlock the account, press the "Unlock" button and you'll then see a confirmation message.