Configure Password Security Settings

Define the settings that control the security of user passwords in
NetOps Portal
using
NetOps Portal
.
HID_Security_Passwords
You can define the settings that control the security of user passwords in
NetOps Portal
using
NetOps Portal
. You can manage these settings using the Single Sign-On Configuration (SSOConfig) tool. This article details how to define the settings in
NetOps Portal
.
For more information about how to manage these settings using SSOConfig, see Configure Password Security Settings Using the SSO Configuration Tool.
Follow these steps:
  1. Log in as a user with administrative role rights.
  2. Hover over
    Administration
    ,
    Configuration Settings
    , and then click
    Security Settings
    .
    The
    Security Settings
    page appears.
  3. In the
    Password Management
    section, complete the following fields:
    • Enforce password requirements
      Specify whether to enforce the password requirements.
      Default:
      Enabled
      The guidelines require that this setting remain enabled.
    • Minimum password length (characters, 8 recommended)
      Specify the minimum password length in characters.
      Values:
      8-32 characters
      Default:
      8 characters
      The guidelines require that you set the password length to at least 8 characters.
    • Password lifespan (days, 105 recommended)
      Specify the number of days after which passwords expire.
      Values:
      0-712 days (Specify 0 to disable password expiration and to specify passwords to never expire.)
      Default:
      105 days
      The guidelines require that passwords expire after 120 days.
    • Disable user after failed login attempts
      Specify whether multiple failed login attempts within a timeframe disable the user.
      Default:
      Enabled
    • Failed login attempts before blocking (6 recommended)
      Specify the number of failed login attempts before a user is blocked (disabled).
      Values:
      2-9
      Default:
      6
      The guidelines require that users are blocked after 6 or fewer login attempts.
    • Timeframe for determining failed login attempts (minutes, 3 recommended)
      Specify the timeframe that the failed login attempts must occur before a user is blocked (disabled).
      Values:
      1-10
      Default:
      3
      The guidelines require that users are blocked after they have reached the specified failed login attempts within 6 or fewer minutes.
    • Timeframe to block an IP address after failed login attempts (minutes, 0 means this setting is disabled)
      Specify the number of minutes to block an IP address after multiple failed login attempts within a timeframe. This blocks the IP address of the user for the specified amount of time.
      This functionality is
      not
      an intrusion detection system.
      Values:
      0-1440 (Specify 0 to disable blocking IP addresses after failed login attempts.)
      Default:
      0
  4. Click
    Save
    .
The password security settings are configured.