Knowledge Base
  Online Manual
  API Documentation
Generic selectors
Exact matches only
Search in title
Search in content
Home > Knowledge Base > How to Manage User Password Requirements

How to Manage User Password Requirements


The Total Uptime panel gives you the ability to manage several aspects of your end-user’s passwords. In this article we’ll cover all of the basics.

Many of the settings we are talking about here are controlled via the Company Edit dialog. You can find this by clicking the gear/cog icon in the upper-right corner of the panel, and then going to the Company tab. There you will see your company in the table. Double click it (or select it and choose edit from the toolbar) to open up the settings. It may look something like this:

Company Password Settings

Password Age / Expiration / Life: You can control how long a password is allowed to live by modifying the value of the Password Expiry in Days setting. By default it is blank, allowing passwords to remain unchanged forever. By setting this value to something else, it will force a user to change their password when it has been in effect for that period of time.

For example, if you set the Password Expiry in Days value to 30, when the user logs in, it will check to see how old the password is. If it is 30 days old or longer at that time, it will prompt the user to immediately change the password at that time. However, it will not disable a user account if the time is grossly exceeded. You may wish to monitor user password age and disable these accounts manually or via the API. Further detail on locking or unlocking users can be found in the Users Tab Manual Page.

Password Length: You can set the minimum password length by populating the Min. Password Length field. By default it is blank, but this means the minimum password length falls back to no less than 8 alphanumeric characters. It is not possible to set this value lower than 8 or higher than 32.

Password Complexity: Password complexity is not adjustable. Every user must create a password that has at least one uppercase character, one lowercase character, one number/digit and one special character. These rules cannot be relaxed.

Maximum Login Attempts: Users are automatically locked out for 5 minutes if they try to log in with an invalid password 5 consecutive times. This setting is also not adjustable and is required for security purposes to ensure the integrity of our panel and your user accounts. IP Addresses are tracked and repeat offenders may be blocked for longer periods of time, especially if IPs are seen trying multiple user accounts unsuccessfully.

Two-factor / 2FA Authentication: Users can be forced to complete a second factor of authentication when logging into the panel. These settings are behind the blue “Configure” button beside “2F Authentication” as shown in the screenshot above. Further detail on the 2FA options can be found in our 2FA KB Article.

 

How do you Keep IT Up®?

Talk to us!