Contact Support

Enhancing Security with Password Settings

Updated

To strengthen your platform's security, we recommend modifying the default password standards for all users. Implementing robust password rules contributes to a more secure environment and aligns your organization with password management best practices. This article will guide you through accessing these settings and making the necessary adjustments.
 

  1. Accessing Password Settings
  2. Password Settings

 

Accessing Password Settings

To access the password settings:

  1. On the homepage, select the Admin button at the bottom of the left navigation menu.
  2. From the left navigation menu, click “Platform”, “Security”, then "Password."

 

Password Settings

Once in the Password Settings, you can configure the following:

  • Change Password on First Login: If this option is toggled "On", new users will be required to create a secure password immediately upon their initial login. This ensures password security from the outset.

  • Minimum Length: This setting discourages the use of easily guessable passwords and adds an extra layer of protection. We recommend setting a minimum password length of at least 10 characters.

  • Lock Account: By configuring an account lockout policy, you can prevent unauthorized access and protect against brute-force attacks. We recommend locking accounts after 5 failed login attempts.

  • Session Timeout: Customizing session timeouts is crucial for security, especially in situations where users might leave their devices unattended. Setting a session timeout helps reduce the risk of unauthorized access if a user forgets to log out. We recommend setting a session timeout of 60 minutes; the minimum length is 5 minutes and the maximum is 1440 minutes (24 hours). 

  • Password Expiration: Implementing a password expiration policy helps ensure that passwords are changed regularly, reducing the risk of long-term password compromise. The default setting is for passwords to expire every 180 days. Upon expiration, users will be prompted to reset their password immediately upon login. Password setting and resetting dates have been tracked since April 15, 2024. Expiration occurs 180 days after the last set or reset date. For users who have not reset their passwords since April 15, 2024, expiration dates are staggered across the following dates: January 18, 2025, January 25, 2025, February 1, 2025, and February 8, 2025. Please note that users and administrators will not receive advance notifications about upcoming expirations; users will be prompted to reset their expired passwords upon login.

     

After making your desired changes, click "Save Changes".
 

 

 

 

  

If you have any questions, please contact Awardco Admin Support.

Related to