Policies
Password rules allow you to set all password-related settings for users. The use of complex passwords increases the security of data and system operation, reduces the possibility of logging in to the system by other users and access to the data of each registered user.
You can go to the settings from the System settings - Password rules menu.
The following settings are available on the Password rules page:
- (1) - Limit maximum password age;
- (2) - Minimum password length;
- (3) - Disable simple password;
- (4) - Number of login attempts before lockout;
- (5) - Change password after first login;
- (6) - Rewrite user passwords from CSV file.
Limit maximum password age
The setting allows you to add a password expiration date. The number of days of password validity can be set in the Maximum password age (days) field.
If the user uses the password for more days than it is set in the setting, then after logging in to the portal, the user will be prompted to change the password.
Minimum password length
This setting allows you to limit the minimum number of characters for the password. The user will not be able to change the password or register in the system if the password does not match the number of characters.
Disable simple password
The administrator can prohibit the use of simple passwords. When such a ban is enabled, the following requirements apply when entering a new password:
- does not contain the account name;
- contains capital letters of the Latin alphabet;
- contains lowercase letters of the Latin alphabet;
- contains numbers;
- contains special characters!,@,#,$,%,^,&,*,(,),_,-,+,=,[,],{,},?
Number of login attempts before lockout
The number of login attempts before blocking determines the number of logins to the system with an incorrect password for the user. In this case, regardless of the total number of attempts, the CAPCHA field appears after two incorrect login attempts. Subsequent attempts depend not only on the correctness of the password, but also on the characters entered in the CAPCHA field.
If all available attempts are used and the user has not entered the correct password, he will be blocked. The first blocking lasts 5 minutes. If after blocking, the user enters the wrong password again - the blocking will be enabled for 10 minutes. All subsequent locks will increase - 5, 10, 15, 20, 25 minutes.
Change password after first login
Often, when importing users, standard passwords are assigned to everyone. To protect your account, it is a good idea to change the password to a more secure one.
If you enable this option, all new users will be required to change their password during the first login in order to continue their work on the portal. After authorization on the portal, a notification will be displayed to them.
LMS Collaborator constantly monitors all actions related to logging into the system, changing passwords, logins and emails. If potentially dangerous or important security actions occur, they are recorded in the Security log. All entries in the report differ in importance levels - low, normal, high. Records areattached in such cases:
- The password has been marked as outdated. The user must change it;
- The user has changed his password;
- The administrator has changed the password;
- The user has restored his password;
- User is temporarily blocked automatically.
For the Security log, the Notify about changes by E-mail setting is available, with which the administrator can enable automatic sending of event notifications.
If the setting is enabled, a list of log entries for the last day is sent to the system administrator daily using the Users - Security log Report template, if any.
Also, the number of new entries in the Security log is displayed by a marker in the Reports menu, which also allows the Administrator to quickly respond to potential danger.
Rewrite user passwords from CSV file
Access to the function is opened for the role in which the permission "Update user passwords from a file" is enabled (find more in Roles in the system). Permissions for roles are set up by LMS Collaborator technical support.
The .csv file must contain two columns:
- uid - external user ID
- password - password to be set.
For example:
uid;password
demo01;x5bD37AYm9
demo02;cLk8257CuR
demo03;7bCm56sBK5
demo04;c2jBA4Ki45
demo05;b228x8ZJsG
demo06;Pc7AhX6i59
demo07;v88G9st9FN
After loading the file, all users from the list, according to the id, passwords are replaced with new ones. If the id from the file does not match any of the ACTIVE users in the system, the feed is ignored.
After changing passwords, a message is displayed in a modal window with the number of:
- (1)- Updated users;
- (2) - Ignored users;
- (3) - Not found users (list of not found id).
After updating passwords, a notification is sent to all users using the Users - Your password in the learning system has been changed template.
Also, the password update event for each user is displayed in the security log with the comment "Administrator changed password".