Password
      Back to home
      1. Help center
      2. User management
      3. Password

      How to apply password policies

      Learn how to apply password policies

       

      Available with:
      Windows player: Pro, Premium
      Web player: Pro, Premium
      LG webOS Signage Player: Pro, Premium
      Samsung SMART Signage Platform (SSSP / Tizen) Player: Pro, Premium
      Brightsign Player: Pro, Premium
      Android Player: Pro, Premium
      Linux Player: Pro, Premium
      macOS Player: Pro, Premium

       

      What is a password policy?

      A password policy is a collection of configurations that determines the criteria for a user's password creation or modification in the Studio.  The password policies also allow you to manage the number of failed connections attempts the Studio will allow before forcing a user to reset their password.

      How can I configure a password policy for my organization?

      Once you are connected to the ITESLIVE Studio lick the « Tree view » beneath the « 01 Select a screen » header.

      01 tree view

      Once in the « Tree view » navigate to the account group that represents your organization and click on the gear to the right of the account group. In the drop-down list that is displayed click the entry named « Edit group ».

      Note: The password policy must be applied on the group that represents the entire organization, the same policy will be applied to all locations under it automatically. 
      - ITESMEDIA

           - MONTREAL

           - TROIS-RIVIERES

      In the above example, the password policy must be applied on the group named ITESMEDIA and will be applied to the other two groups under it.

      Sample organization infrastructure on the ITESLIVE Studio:

      02 Account group_1

      « Edit group » button's location :

      02 Account group_2

      The window that will open contains the configurations that can be applied to define a password policy. By default, these configurations are disabled, to enable these configurations you must click the checkbox to their right and add a value in the box on the left. Here is the complete list of configurations that can be enabled.

      • Minimally force X characters
        This configuration requires a user's password to contain at least the number of characters specified here.
      • Minimally force X uppercases
        This configuration requires a user's password to contain at least the number of uppercase characters specified here.
      • Minimally force X lowercases
        This configuration requires a user's password to contain at least the number of lowercase characters specified here.
      • Minimally force X digits
        This configuration requires a user's password to contain at least the number of digits specified here.
      • Minimally force X special characters
        This configuration requires a user's password to contain at least the number of special characters specified here.
      • Deny common passwords
        If this checkbox is enabled, the Studio will compare the user's password to a list of frequently used passwords. If the user's password is in the list, it will be refused by the Studio.
      • Allow a maximum of X consecutive identical characters
        This configuration allows the repetition of characters used in the password according to the value entered, but it is used to limit the number of times a character in the password can be repeated consecutively.
      • Does not contain name, first name, email, email prefix, email domain
        This configuration compares a user's password to their information, it will make it impossible for your users to enter their name, last name, email prefix or their email's domain as a part of their password.  

      Note: If we look at the following email as an example. 
      support@itesmedia.tv
      The first part of the email, the part located before the @ (support@itesmedia) is what we call an email prefix. The second part that is located after the @ (support@itesmedia.tv) is what we call the email's domain.

      • Expiration every X days forcing a change of password
        This configuration is used to determine a delay within which a user's password remains valid. For instance, if you enter a value of 30 in this field, the password for the users in your organization will expire every 30 days and will force them to reset their password the next time they login.

      • Do not allow using the previous password
        If enabled, this configuration will make it impossible for your users to enter their previous password whenever they need to reset their password.
      • Number of failed login attempts allowed
        This configuration determines the number of times users are allowed to fail a login attempt before the ITESLIVE Studio forces them to reset their password.

      Note: If the configuration named « Number of failed login attempts allowed with captcha  » is enabled, rather than forcing a user to reset their password the Studio will add a CAPTCHA to the next login attempt.

      • Number of failed login attempts allowed with captcha
        This configuration determines the number of times users are allowed to fail a login attempt once the CAPTCHA has been enabled before forcing the user to reset their password.

      03 password policy2

      In addition to the configurations that validate the passwords entered by your users, there are also configurations that can force a two-factor authentication when a user logs into the ITESLIVE Studio. The two-factor authentication confirms the identity of the person who is logging into the Studio using either a phone number (text message) or an alternate email address. To view the available configurations in this regard, you must activate the checkbox named « Enable two-factor authentication ».
      04 ActiverDoubleAuthentification

      When you activate the checkbox, there will be a confirmation message that will be displayed that asks you to encourage users to provide a phone number or second email address. Click « OK » to continue.
      05 Confirmation

       

      The following configurations will then be displayed beneath the « Enable two-factor authentication ».

      • Two-factor authentication required even with missing information : This checkbox makes it so that a user's information for the two-factor authentication is mandatory to login for all of your users.

      Important:When this configuration is active, the users that have not provided either a phone number of second email address will no longer be able to log in to the ITESLIVE Studio. They will need to provide the required information to an administrator that can enter these details in their ITESLIVE user account.

      • Number of allowed two-factor authentication failures: Determines the number of failed log in attempts the Studio allows with the two-factor authentication enabled before forcing the user to reset their password.
      • Priority channel: Determines the two-factor authentication method that will be prioritised according to the following options. If the priority channel is not available, the alternative method will be used instead.
        • Default: By default, the phone number will be prioritized for the two-factor authentication.
        • Phone number: Prioritizes the use of a text message sent to the user's phone number to confirm their identity.
        • Second email address: Prioritizes the use of an email sent to the user's second email address to confirm their identity.
      • Number of days without two-factor authentication if requested: Offers users the possibility to request that the two-factor authentication to be ignored for the number of days entered here.

      06 Double authetification