Learn how to apply password policies
Available with: |
Windows player: Pro, Premium Web player: Pro, Premium LG webOS Signage Player: Pro, Premium Samsung SMART Signage Platform (SSSP / Tizen) Player: Pro, Premium Brightsign Player: Pro, Premium Android Player: Pro, Premium Linux Player: Pro, Premium macOS Player: Pro, Premium |
What is a password policy?
A password policy is a collection of configurations that determines the criteria for a user's password creation or modification in the Studio. The password policies also allow you to manage the number of failed connections attempts the Studio will allow before forcing a user to reset their password.
How can I configure a password policy for my organization?
Once you are connected to the ITESLIVE Studio lick the « Tree view » beneath the « 01 Select a screen » header.
Once in the « Tree view » navigate to the account group that represents your organization and click on the gear to the right of the account group. In the drop-down list that is displayed click the entry named « Edit group ».
Note: The password policy must be applied on the group that represents the entire organization, the same policy will be applied to all locations under it automatically.
- ITESMEDIA
- MONTREAL
- TROIS-RIVIERES
In the above example, the password policy must be applied on the group named ITESMEDIA and will be applied to the other two groups under it.
Sample organization infrastructure on the ITESLIVE Studio:
« Edit group » button's location :
The window that will open contains the configurations that can be applied to define a password policy. By default, these configurations are disabled, to enable these configurations you must click the checkbox to their right and add a value in the box on the left. Here is the complete list of configurations that can be enabled.
- Minimally force X characters
This configuration requires a user's password to contain at least the number of characters specified here. - Minimally force X uppercases
This configuration requires a user's password to contain at least the number of uppercase characters specified here. - Minimally force X lowercases
This configuration requires a user's password to contain at least the number of lowercase characters specified here. - Minimally force X digits
This configuration requires a user's password to contain at least the number of digits specified here. - Minimally force X special characters
This configuration requires a user's password to contain at least the number of special characters specified here. - Deny common passwords
If this checkbox is enabled, the Studio will compare the user's password to a list of frequently used passwords. If the user's password is in the list, it will be refused by the Studio. - Allow a maximum of X consecutive identical characters
This configuration allows the repetition of characters used in the password according to the value entered, but it is used to limit the number of times a character in the password can be repeated consecutively. - Does not contain name, first name, email, email prefix, email domain
This configuration compares a user's password to their information, it will make it impossible for your users to enter their name, last name, email prefix or their email's domain as a part of their password.
Note: If we look at the following email as an example.
support@itesmedia.tv
The first part of the email, the part located before the @ (support@itesmedia) is what we call an email prefix. The second part that is located after the @ (support@itesmedia.tv) is what we call the email's domain.
-
Expiration every X days forcing a change of password
This configuration is used to determine a delay within which a user's password remains valid. For instance, if you enter a value of 30 in this field, the password for the users in your organization will expire every 30 days and will force them to reset their password the next time they login. - Do not allow using the previous password
If enabled, this configuration will make it impossible for your users to enter their previous password whenever they need to reset their password. - Number of failed login attempts allowed
This configuration determines the number of times users are allowed to fail a login attempt before the ITESLIVE Studio forces them to reset their password.
Note: If the configuration named « Number of failed login attempts allowed with captcha » is enabled, rather than forcing a user to reset their password the Studio will add a CAPTCHA to the next login attempt.
- Number of failed login attempts allowed with captcha
This configuration determines the number of times users are allowed to fail a login attempt once the CAPTCHA has been enabled before forcing the user to reset their password.
In addition to the configurations that validate the passwords entered by your users, there are also configurations that can force a two-factor authentication when a user logs into the ITESLIVE Studio. The two-factor authentication confirms the identity of the person who is logging into the Studio using either a phone number (text message) or an alternate email address. To view the available configurations in this regard, you must activate the checkbox named « Enable two-factor authentication ».
When you activate the checkbox, there will be a confirmation message that will be displayed that asks you to encourage users to provide a phone number or second email address. Click « OK » to continue.
The following configurations will then be displayed beneath the « Enable two-factor authentication ».
- Two-factor authentication required even with missing information : This checkbox makes it so that a user's information for the two-factor authentication is mandatory to login for all of your users.
Important:When this configuration is active, the users that have not provided either a phone number of second email address will no longer be able to log in to the ITESLIVE Studio. They will need to provide the required information to an administrator that can enter these details in their ITESLIVE user account.
- Number of allowed two-factor authentication failures: Determines the number of failed log in attempts the Studio allows with the two-factor authentication enabled before forcing the user to reset their password.
- Priority channel: Determines the two-factor authentication method that will be prioritised according to the following options. If the priority channel is not available, the alternative method will be used instead.
- Default: By default, the phone number will be prioritized for the two-factor authentication.
- Phone number: Prioritizes the use of a text message sent to the user's phone number to confirm their identity.
- Second email address: Prioritizes the use of an email sent to the user's second email address to confirm their identity.
- Number of days without two-factor authentication if requested: Offers users the possibility to request that the two-factor authentication to be ignored for the number of days entered here.