Login Policy

System > Login Policy

The Login Policy page sets login policies that apply to all administrators. Login policies prevent a brute force break-in to the system. By limiting the successive number of bad login attempts and disabling rogue accounts for a set amount of time, you can prevent unauthorized users from gaining entry into the system by repeatedly entering random passwords.

To Set Login Policy

1. Specify the number of consecutive bad logins an administrator is allowed before their account is disabled in the Number of consecutive failed login attempts allowed before disabling account field. The count is reset to zero after a successful login.
2. Specify the amount of time, in hours or days, that the account is disabled in the Length of time to disable account after max login failures exceeded field.
3. Specify the time period of administrator inactivity before the administrator is automatically logged out. Set the number of minutes of inactivity in the Minutes of inactivity before an administrator session expires field.

   Note: To activate the account manually before the lockout time elapses, another master administrator must enable the account using the System > Enable/Disable page.

4. Prevent administrators from changing their login policy by checking the box beside Prevent administrators from changing their login.
5. Specify a password strength policy by checking the boxes beside the following:
   • Require password change every N days
   • Enforce minimum password length
   • Prohibit password reuse for N passwords
   • Require upper and lower case alpha characters
   • Require both alpha and numeric characters
   • Require non-alphanumeric characters
6. Press Update to apply the settings

Topic 522: Send Feedback