As Omnilert systems store critical contact information, good security practices are strongly encouraged.
The Password policy feature allows the enforcement of secure admin and subscriber passwords.
Options are provided to enforce strong passwords as well as frequent password changes. Both are helpful in ensuring that your admin accounts are protected.
Three key functions will help ensure that your admins select strong passwords:
- Password length: A longer password is typically harder to hack.
- Password complexity: More complex passwords are harder to crack. Mixing case, numbers, and symbols help. Avoid dictionary words, as well.
- Frequent changes: The enemy of a good password is often time. The older a password is, the less secure it becomes as the chances increase of the password being leaked, lost, or cracked by a computer. Changing a password essentially "resets the clock" for a hacking program.
Other important security settings:
- Allow administrators/subscribers to change their own password: By default, this box is checked and admins can change their own passwords. If un-checked, your admins will not be able to change their passwords. A super admin will need to manage their passwords for them.
- Require administrator/subscriber to reset password expiration: Enable this option to force admins to change their password every X days. (Set the number of days in the box below this option.
- Prevent administrator/subscriber from password reuse: This option will store a set number of past passwords, forcing each admin to choose something new when they reset their password.
- Password expiration requires administrator reset: If checked, admins who allow their password to expire will be locked out. The admin won't be permitted to log in until a super admin unlocks their admin account.
What happens when a password expires?
If you allow admins to change their own passwords, after an admin's password expires, the system will prompt them to create a new password when they next try to log in with the expired password.
Of course, their new password will need to match the requirements of your password policy, as well.