Password and User Security

The Password and User Security screen allows the corporate location to define and regulate certain levels of password and user security, and to require users to change their own passwords on a periodic basis. Passwords for logging into the Crunchtime applications are defined in the Application Users screen. Authorized users can change their own password in the Change Password screen.

 

  1. Under the Security menu, click Password and User Security.
  2. The Password and User Security tab is displayed.
  3. Check the Use Complex Passwords box to enable the features in this screen. This box must be checked in order for the "Change Password" option to be available under the Security menu in Enterprise Manager and Enterprise Manager Web and for the "Forgot Password" button/link to be available on the login screen of all the Crunchtime applications. If not checked, standard password functionality will apply.  Note: The only standard restriction (when “Use Complex Passwords” is NOT enabled) is that the Password for an Enterprise Manager and/or Net-Chef user is limited to 8 characters.
  4. In the Password Security section, define the following parameters as needed:
  • Minimum password length: ____ characters – Check this box and enter a value to define the minimum number of characters required in a password. This must be ≥ 3 and ≤ 16 and must be ≤ the maximum length. The default is 6 characters.
  • Maximum password length: ____ characters – Check this box and enter a value to define the maximum number of characters allowed in a password. This must be ≥ 3 and ≤ 16 and must be ≥ the minimum length. The default is 16 characters.
  • Require new password to be different from the last ____ passwords – Check this box and enter a value to determine when a password can be repeated again. This must be ≥ 3 and ≤ 16; the default is 5 passwords.
  • Passwords are case-sensitive – If checked, password validation will be case-sensitive. The lower case equivalent of all passwords is stored in the database and will be used to validate passwords if this box or "Use Complex Passwords" is not checked.
  • Passwords must contain upper and lower case alpha characters – This can only be checked if "Passwords are case-sensitive" is also selected and the language being used is based on the 26-character alphabet. If checked, at least one upper case and one lower case alphanumeric character must be included in a user password.
  • Passwords must contain a minimum of ____ numeric characters – Check this box and enter a value to define the minimum number of numeric characters required in a password. This must be ≥ 0 and ≤ 5; the default is 1 numeric character.
  • Allow special characters (any non-alphanumeric character) – Check this box if characters such as !, @, #, $, %, ^, &, and * should be allowed in a password.
  • Passwords must include special characters – This can only be checked if "Allow special characters" is also selected. If checked, at least one special character must be included in a password.
  • Passwords must not contain User ID or User Name (First or Last) – If checked, users will not be allowed to include their User ID or first or last name in their password. (Validation is not case-sensitive.)
  • Auto-create passwords for new User IDs (not visible for Cruise companies) – If checked, the application will automatically create a password for a new User ID in the Application Users screen. This means that the system administrator will not enter passwords manually. (When this is checked, "E-Mail" address is a required field in the Application Users screen, for communication of auto-generated passwords to the users.)
  • Passwords must not contain the following reserved words – Check the box to enable this requirement, then click the Plus (Add) icon or the Trash Can (Delete) icon to modify the list of reserved words. Users will not be allowed to include the listed words in their password. (Validation is not case-sensitive.)
  5. In the User Security section, define the following parameters as needed:
  • New IDs must be unique throughout history – If checked, a User ID for an inactive user can never be reused for a new user. (This will only be accessible if the Audit Preference for "Application Users" is enabled.)
  • Disable User IDs after ____ days of inactivity – If checked, the user record will be automatically deactivated for a user that has not logged into the application for the defined number of days. This must be ≥ 1 and ≤ 365; the default is 60 days.  (This will only be accessible if the Audit Preference for "Application Users" is enabled.)
  • Expire Company-issued passwords after the first use – If checked, when "New Hire" users log in, they will have to change their password and have the option to define 1 or 2 security questions and answers before entering the application. If not checked, when "New Hire" users log in they will only have the option to define the security questions and answers. (This is not affected by the “Auto-create passwords for new User IDs” setting; this will apply to any password NOT entered by users themselves.)
  • Limit to ____ unsuccessful log-on attempts within ____ minutes – If checked, users will become "locked" when they unsuccessfully attempt to log in a specified number of times within the defined time frame. The number of unsuccessful attempts must be ≥ 1 and ≤ 10 and the duration must be ≥ 1 and ≤ 999 minutes; the default is 3 attempts within 720 minutes (12 hrs). This will only be accessible if the Audit Preference for "Application Users" is enabled. This parameter will NOT be enforced for users whose User Group has the "Password and User Security - Do Not Auto-Deactivate" control enabled.

When the "Limit to" restriction is checked, one of the following will apply to determine when a "locked" user can log in again:

  • User IDs that have been locked out must be reset by a system administrator – If this is selected, the account will remain locked until unlocked by an authorized user, one who is linked to a user group with the "Application Users - Unlock User Account" control enabled.
  • Account lockout duration: ____ minutes – The user will be able to log in after the defined number of minutes. This must be ≥ 1 and ≤ 1440 minutes (24 hrs).  If this is selected, the application will check the user's Audit records to determine how long the account must stay locked. An authorized user may also unlock the user's account.

If the "Limit to" restriction is not checked, neither of the above options can be checked.

  • Minimum password age: ____ days – Check this box and enter a value to define the minimum number of days before users are allowed to change their password again. This must be ≥ 1 and ≤ 30 and must be ≤ the maximum age; the default is 1 day.
  • Maximum password age: ____ days – Check this box and enter a value to define the maximum number of days after which users must change their password again. This must be ≥ 1 and ≤ 365 and must be ≥ the minimum age. The default is 90 days. When users exceed the defined maximum, they will have to change the password at the next login attempt.
  6. To require users to change their password at the next login attempt, click Force Users to Change Password. A pop-up will appear to confirm this action. To force this change, click Yes; otherwise click No.  Note: This button only appears when "Use Complex Passwords" is changed from not checked to checked.
  7. When finished, click the Disk (Save) icon.  Note: If the “Force Users to Change Password” button was not clicked, the pop-up noted in Step 6 above will appear to prompt this action.
  8. To view changes to these settings, click the Audit tab.
  9. Click the X (Close) icon to exit the screen.
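
The Password Security rules described above, expressed as a checker for the settings and for a candidate password. This is an added example, not Crunchtime code: the Policy field names and checkbox states are assumptions, and only the numeric defaults and ranges come from this page. Password history and password age are not modelled.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Hypothetical model of the screen's settings (field names are assumptions)."""
    min_len: int = 6              # default stated on the page
    max_len: int = 16             # default stated on the page
    min_digits: int = 1           # default stated on the page
    case_sensitive: bool = True   # checkbox states below are constructed
    mixed_case: bool = False
    allow_special: bool = True
    require_special: bool = False
    no_user_info: bool = True
    reserved: list = field(default_factory=list)

    def config_errors(self):
        """Range and dependency rules the page states for the settings."""
        rules = [
            (3 <= self.min_len <= self.max_len <= 16,
             "lengths must satisfy 3 <= min <= max <= 16"),
            (0 <= self.min_digits <= 5, "numeric minimum must be 0..5"),
            (self.case_sensitive or not self.mixed_case,
             "upper/lower rule needs case-sensitive passwords"),
            (self.allow_special or not self.require_special,
             "requiring special characters needs them allowed"),
        ]
        return [msg for ok, msg in rules if not ok]


def violations(pw, policy, user_id, first, last):
    """Return the rules a candidate password breaks under the policy."""
    low = pw.lower()  # name and reserved-word checks are not case-sensitive
    specials = [c for c in pw if not c.isalnum()]
    names = [s.lower() for s in (user_id, first, last) if s]
    failed = [
        (len(pw) < policy.min_len, "too short"),
        (len(pw) > policy.max_len, "too long"),
        (policy.mixed_case and not (re.search("[a-z]", pw) and re.search("[A-Z]", pw)),
         "needs upper and lower case letters"),
        (sum(c.isdigit() for c in pw) < policy.min_digits, "too few numeric characters"),
        (bool(specials) and not policy.allow_special, "special characters not allowed"),
        (policy.require_special and not specials, "needs a special character"),
        (policy.no_user_info and any(n in low for n in names),
         "contains user ID or name"),
        (any(w.lower() in low for w in policy.reserved), "contains reserved word"),
    ]
    return [msg for bad, msg in failed if bad]
```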

 

 
