Tuesday, December 13, 2011
Important features available in XPLAN ensure best practice in password administration.
XPLAN can only be accessed with a valid user name and corresponding password.
Protecting your login details is the first and most obvious step in preventing unauthorised access to your data.
XPLAN has built-in features for administering password best practice, including ensuring that passwords are changed routinely and that further login attempts are blocked after repeated incorrect attempts.
Password policy
The Password Policy function lets you control password attributes, ensuring users of your system adhere to best practice when creating passwords.
- Strong Passwords. Force users to include both characters and numbers when creating their passwords. Encourage users to set unpredictable passwords.
- Minimum Length. Specify the number of characters required in a password. The longer a password, the less likely it will be guessed by others, but bear in mind that too long a password will annoy users and be harder to remember.
- Password Expiry. Force users to change their password regularly. A password expiry of 90 days is reasonable because it allows users to commit it to memory by using it for a period without having to write it down.
Access denial policy
The Access Denial function in XPLAN lets you configure what happens when users make unsuccessful login attempts. This is designed to ensure that anyone attempting to guess passwords is denied access, removing the possibility of a successful guess.
- Threshold. Set the number of failed attempts over a period that will force a denial. For example, 3 failed attempts in 5 minutes.
- Release. Automatically release locked accounts after a period of time. Alternatively, you can choose to manually unlock accounts that become denied.
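The following Python example is added here as an illustration and is not XPLAN code. It models the Threshold and Release settings described above as a sliding-window lockout, using the 3-failures-in-5-minutes figure from the text. The class and function names, the 15-minute release period, and the choice to clear the failure count on a successful login are assumptions.

```python
from collections import defaultdict, deque

class AccessDenial:
    """Deny an account after `threshold` failed logins within `window` seconds."""
    def __init__(self, threshold=3, window=300, release_after=900):
        self.threshold = threshold          # failed attempts that force a denial
        self.window = window                # period (seconds) the failures are counted over
        self.release_after = release_after  # assumed 15 min; None = manual unlock only
        self.failures = defaultdict(deque)  # user -> timestamps of recent failures
        self.denied_at = {}                 # user -> time the denial started

    def is_denied(self, user, now):
        start = self.denied_at.get(user)
        if start is None:
            return False
        if self.release_after is not None and now - start >= self.release_after:
            self.unlock(user)               # automatic release after the period
            return False
        return True

    def unlock(self, user):
        """Release a denied account (called by an administrator or by auto-release)."""
        self.denied_at.pop(user, None)
        self.failures.pop(user, None)

    def attempt(self, user, password_ok, now):
        """Return 'ok', 'failed' or 'denied' for one login attempt at time `now`."""
        if self.is_denied(user, now):
            return "denied"                 # a correct password is refused while denied
        if password_ok:
            self.failures.pop(user, None)   # assumption: success clears the count
            return "ok"
        recent = self.failures[user]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= self.threshold:
            self.denied_at[user] = now      # threshold reached: start the denial
            return "denied"
        return "failed"

def replay(policy, events):
    """Run (time_seconds, user, password_ok) events through a policy in order."""
    return [policy.attempt(user, ok, t) for (t, user, ok) in events]

# Constructed sample events, not real log data.
EVENTS = [(0, "alice", False), (60, "alice", False), (120, "alice", False),
          (130, "alice", True), (1100, "alice", True)]
```

With `release_after=None` the account stays denied until `unlock()` is called, which corresponds to the manual-unlock option.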
“Passwords are important and should never be shared.”
Password resets are a fact of life
It is important for administrators to remember that users are human. They may need support, particularly if forgotten passwords result in their account becoming blocked after unsuccessful attempts.
Requests for password resets should be treated with respect. Regardless of the frequency of these requests, it shouldn’t be a bother to help staff protect their passwords.
Be vigilant when accessing XPLAN
- Keep login details secure when accessing XPLAN from more than one computer.
- Always type your site’s address into the web browser, or use your own bookmarked favourites.
- Never write down your login details or reveal them to anyone.
- Do not follow any links within emails to XPLAN. IRESS will never contact you in an unsolicited way and ask for login details to your site. We may require your login details as part of support services, but we encourage you to change your password before or after any contact with us.
For more information about tightening the security of your password settings, please contact your Account Executive.