Security guidelines

Login guidelines

Maximum number of failed login attempts

This defines how often a user may attempt to log in again after a login has failed, for example because the password was entered incorrectly.

If the number of failed login attempts exceeds the value entered here, the corresponding user account is blocked.

The number of failed login attempts is stored in the "Login attempts" data field, which you will find in the Scheme manager in the "User" module.

Password guidelines

Minimum password length

Defines the minimum number of characters that must be entered for the password to be valid. If a password is created with fewer characters than this, an error message is shown.

Allowed characters

Here, you define which characters may be used for passwords.

Illegal characters

Here, you exclude those characters that may not be used in passwords.

Reject, if matches regular expression

Allows you to enter a regular expression that describes passwords which are not allowed; a password that matches the expression is rejected. If, for example, the expression ^([A-Za-z0-9ÄÖÜäöü]{6,40})$ is entered in the field to the right of the setting, passwords are rejected that are six to 40 characters long and consist only of upper- and lowercase letters, digits, and umlauts in upper- or lowercase.

Test for character repeats

Enables you to restrict the frequency with which a preset part of the password can be repeated within the password.

Reject passwords found in dictionary

This setting causes passwords that consist only of known words, e.g. "flower" or "birthday", to be declined.

Reject passwords found in history

This setting causes passwords that were already used to be declined. Additionally, you can define whether all previous passwords or only the most recent ones are rejected.

Reject letter sequences

Causes passwords to be declined if they contain sequences of letters in order (such as "ABC").

Reject numeric sequences

Causes passwords to be declined if they contain sequences of numbers in order (such as "123").

Reject passwords containing user names

Declines passwords that contain the user name.

Reject passwords with whitespace

Prevents passwords from being used that contain spaces.
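
The following sketch is an added example, not code from the product or its documentation. It shows how the string-based rules above (minimum length, regular expression, character repeats, dictionary, letter and numeric sequences, user name, whitespace) combine into one check. The function names, the sequence length of 3, the repeat threshold and the sample values are assumptions.

```python
import re
import string

# Expression quoted in this section; a password that matches it is rejected.
REJECT_RE = re.compile(r"^([A-Za-z0-9ÄÖÜäöü]{6,40})$")

def has_sequence(pw, alphabet, run=3):
    """True if pw contains `run` neighbouring characters of `alphabet` in order."""
    lowered = pw.lower()
    return any(alphabet[i:i + run] in lowered
               for i in range(len(alphabet) - run + 1))

def has_repeat(pw, part_len=2, max_count=2):
    """True if any part of `part_len` characters occurs more than `max_count` times."""
    parts = {pw[i:i + part_len] for i in range(len(pw) - part_len + 1)}
    return any(pw.count(part) > max_count for part in parts)

def violations(pw, user_name, min_len=8, words=()):
    """Return the names of the rules that `pw` violates (empty list = accepted)."""
    lowered = pw.lower()
    checks = [
        ("minimum length", len(pw) < min_len),
        # "Reject, if matches": a match is the failure case, not the pass case.
        ("regular expression", REJECT_RE.fullmatch(pw) is not None),
        ("character repeats", has_repeat(pw)),
        ("dictionary", lowered in words),
        ("letter sequence", has_sequence(pw, string.ascii_lowercase)),
        ("numeric sequence", has_sequence(pw, string.digits)),
        # An empty user name would be contained in every string, so skip it.
        ("user name", bool(user_name) and user_name.lower() in lowered),
        ("whitespace", any(ch.isspace() for ch in pw)),
    ]
    return [name for name, failed in checks if failed]

if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    for candidate in ("Sommer2024", "abc 123!", "jdoe-ha-ha-ha", "T7#kv!Qz9w"):
        print(candidate, violations(candidate, "jdoe", words={"flower", "birthday"}))
```

With the quoted expression active, a purely alphanumeric password such as "Sommer2024" is rejected although it passes every other rule, which is the effect of the "reject if matches" semantics.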

Account guidelines

The settings available here serve as the default values when new users are created. Changes made to these settings are not transferred to existing accounts.

Password expires

Here, you can specify that a password has an expiration date as defined in the Password management.

User must change password at next login

This setting means the user will be requested to enter a new password when they log in with an expired password.

User cannot change password

Here, you can specify that users are not allowed to change their password. With this setting, the link in the Login dialog that is used to change the password is hidden.