Skip to main content

Changing the user-account security settings

The user-account security settings control the password complexity, account lockout, and web session inactivity timeout. You can change the values of the settings.

Procedure

Complete the following steps to override the user-account security settings that are in place.

  1. From the XClarity Administrator menu bar, click Administration > Security.
  2. Click Account Security Settings under the Users and Groups section to display the Users Management page.
  3. For each of the following setting that needs to change, select the new value.
    Table 1. Account Security settings
    Security settingDescriptionAllowed valuesDefault values
    Password expiration periodAmount of time, in days, that a user can use a password before it must be changed. Smaller values reduce the amount of time for attackers to guess passwords

    If set to 0, passwords never expire.

    Note
    This setting applies only when the user accounts are managed using the local authentication server. They are not used when the external authentication server is used.
    0 – 36590
    Password expiration warning periodAmount of time, in days, before the password expiration date that users begin to receive warnings about the impending expiration of the user password

    If set to 0, users are never warned.

    Note
    This setting applies only when the user accounts are managed using the local authentication server. They are not used when the external authentication server is used.
    0 – maximum password expiration setting5
    Minimum password reuse cycleMinimum number of times that a user must enter a unique password when changing the password before the user can start to reuse passwords

    If set to 0, users can reuse passwords immediately.

    0 – 10 5
    Minimum password change intervalMinimum amount of time, in hours, that must elapse before a user can change a password again after it was previously changed. The value specified for this setting cannot exceed the value specified for the password expiration period.

    If set to 0, users can change passwords immediately.

    0 – 144024
    Maximum number of login failuresMaximum number of times that a user can attempt to log in with different incorrect passwords before the user account is locked out. The number specified for the lockout period after maximum login failures determines how long the user account is locked out. Accounts that are locked cannot be used to gain access to the system even if a valid password is provided.

    If set to 0, accounts are never locked. The failed login counter is reset to zero after a successful login.

    0 – 10020
    Lockout period after maximum login failuresMinimum amount of time, in minutes, that must pass before a user that was locked out can attempt to log back in again

    If set to 0, the account remains locked until an administrator explicitly unlocks it. A setting of 0 might make your system more exposed to serious denial of service attacks, where deliberate failed login attempts can leave accounts permanently locked.

    Tip
    Any user with the role of Supervisor can unlock a user account. For more information, see Unlocking a user.
    Note
    This setting applies only when the user accounts are managed using the local authentication server. They are not used when the external authentication server is used.
    0 – 288060
    Web inactivity session timeoutAmount of time, in minutes, that a user session that is established with XClarity Administrator can be inactive before the user is logged out

    If set to 0, the web session never expires.

    Note
    • When changing this value, only user sessions that start after the setting is changed are affected.
    • A user is not logged out while time-consuming jobs, such as uploading or downloading files, that were initiated with the user are still running, .regardless of the inactivity period.
    0 – 14401440
    Minimum password lengthMinimum number of characters that can be used to specify a valid password8 – 208
    Number of complexity rules that must be followed when creating a new passwordNumber of complexity rules that must be followed when creating a new password

    Rules are enforced starting with rule 1, and up to the number of rules specified. For example, if the password complexity is set to 4, then rules 1, 2, 3 and 4 must be followed. If the password complexity is set to 2, then rules 1 and 2 must be followed.

    XClarity Administrator supports the following password complexity rules.

    • (1) Must contain at least one alphabetic character, and must not have more than two sequential characters, including sequences of alphabetic characters, digits, and QWERTY keyboard keys (for example, abc, 123, and asd are not allowed).

    • (2) Must contain at least one number (0 - 9).

    • (3) Must contain at least two of the following characters.

      • Uppercase alphabetic characters (A – Z)

      • Lowercase alphabetic characters (a – z)

      • Special characters. Only these characters are supported ; @ _ ! ' $ & +

    • (4) Must not repeat or reverse the user name.

    • (5) Must not contain more than two of the same characters consecutively (for example, aaa, 111, and ... are not allowed).

    If set to 0, passwords are not required to comply with any complexity rules.

    0 – 54
    Maximum active sessions for a specific userMaximum number of active sessions for a specific user that is allowed at any given time

    If set to 0, the number of allowed active sessions for a specific user is unlimited.

    1 – 203
    Force user to change password on first accessIndicates whether a user is required to change the password when the user logs in to XClarity Administrator for the first timeYes or NoYes
  4. Click Apply.

After you finish

When successfully saved, the new settings take effect immediately. If you change the setting for web inactivity session timeout, active sessions are affected.

If you change password policies, those policies are enforced the next time a user logs in or changes the password.