Contact Support

Enhancing Security with Password Settings (Legacy)

Updated

This is a Legacy article. If you are using the current Awardco 2.0 Interface, please search for the updated version to ensure accuracy.

To promote the implementation of stronger password rules, we recommend altering password standards for all users, contributing to a more secure environment and aligning your organization with best practices in password management. This article below will help you to navigate to these settings and guide you through making adjustments. 
 

  1. Accessing Password Settings
  2. Password Settings


Accessing Password Settings

To navigate to password settings:

  1. Click the Admin button on the homepage.
  2. Select the Settings tab at the top of the page.
  3. Click Password under the Management section.


Password Settings

Change Password on First Login - If you toggled On, this ensures that users can create a secure password immediately upon their initial login. 
 

Minimum Length Field - This configuration discourages the use of easily guessable passwords and adds an extra layer of protection. We recommend setting a minimum password length of at least 10 characters. 
 

Lock Account Field - By setting a lockout policy for user accounts, you can prevent unauthorized access and protect against brute force attacks. We recommend locking accounts after 5 failed login attempts. 
 

Session Timeout Field - Customizing session timeouts is crucial for security, especially in scenarios where users may leave their devices unattended. Configuring session timeouts helps mitigate the risk of unauthorized access in case a user forgets to log out. We recommend setting a 60 minute session timeout. 

Password Expiration - Implementing a password expiration policy helps ensure that passwords are changed periodically, reducing the risk of long-term password compromise. The default setting is for passwords to expire every 180 days. Upon expiration, users are prompted to reset their password immediately upon login. Password setting/resetting dates are tracked starting from 4/15/2024, with expiration occurring 180 days after the last set/reset date. For users who haven't reset their password since 4/15/2024, expiration dates are staggered across these dates: 1/18/2025, 1/25/2025, 2/1/2025, and 2/8/2025. Users and admins are not alerted about upcoming expirations; users will be prompted to reset expired passwords upon login.


Be sure to click Save after making any changes. 

image.png

 

 
 

 

If you have any questions, please contact Awardco Admin Support.

Related to