Authentication & Password Security

With data security becoming ever more important, we want to ensure that your users and your information are kept as safe as possible. That’s why, over the last few months, we’ve been working hard on tightening up PICS with regard to user authentication and password security. Let’s look at some of the new features we’ve added and how they behave by default:

Enforcing Password Complexity

We want to increase user security by making sure that new user passwords meet industry-standard complexity requirements. When a user changes their password, we check that the new password meets the newly implemented complexity rules. Under our current standards, the password:

  • Must be between 8 and 20 characters in length
  • Must contain at least one upper case character
  • Must contain at least one lower case character
  • Must contain at least one number

If the password doesn’t meet these complexity requirements, the user will be asked to change it when they log in.

Enforcing Password Change When Logging In for the First Time

When a user logs in for the first time, we force them to create a new password that meets our password complexity requirements.
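As an added illustration (this is not code from PICS or its vendor), here is how the four complexity rules listed above, the check at login time and the forced change on first login can be expressed as a small validator. The function and parameter names are assumptions; the rules themselves are the ones stated in this post.

```python
from typing import List

MIN_LENGTH, MAX_LENGTH = 8, 20   # limits stated in the post


def password_complexity_violations(password: str) -> List[str]:
    """Return the complexity rules the password fails; an empty list means it passes.

    Upper/lower-case detection uses Python's Unicode-aware str methods; the
    number rule is restricted to the ASCII digits 0-9 (a design choice here,
    not something the post specifies).
    """
    violations = []
    if not MIN_LENGTH <= len(password) <= MAX_LENGTH:
        violations.append(f"must be between {MIN_LENGTH} and {MAX_LENGTH} characters in length")
    if not any(c.isupper() for c in password):
        violations.append("must contain at least one upper case character")
    if not any(c.islower() for c in password):
        violations.append("must contain at least one lower case character")
    if not any("0" <= c <= "9" for c in password):
        violations.append("must contain at least one number")
    return violations


def is_compliant(password: str) -> bool:
    return not password_complexity_violations(password)


def login_requires_password_change(entered_password: str, first_login: bool) -> bool:
    """Decide, at login time, whether the user must set a new password.

    Passwords are stored hashed, so an existing password can only be checked
    against the rules when the user types it in at login; a first login always
    forces a change regardless of what was entered.
    """
    return first_login or not is_compliant(entered_password)


def check_new_password(candidate: str) -> None:
    """Raise ValueError listing every unmet rule when a user picks a new password."""
    problems = password_complexity_violations(candidate)
    if problems:
        raise ValueError("Password " + "; ".join(problems))


if __name__ == "__main__":
    # Constructed sample passwords: one compliant, one missing an upper-case
    # character, one too short.
    for pw in ["Passw0rdOK", "password1", "Pa1"]:
        print(pw, "->", password_complexity_violations(pw) or "OK")
```

Because a stored password hash cannot be re-validated against new rules, the only moment an existing password can be checked is when the user presents it at login, which is why the post ties the "please change your password" prompt to the login step rather than to a background migration.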

Configuring Passwords in PICS

To give you control over implementing security to the standards that meet your needs, we’ve added a new tab to PICS Configuration called “User Authentication” which has the following options:

Enforcing Active Directory Login – When this option is enabled, the user name and password entered are matched only against your network’s Active Directory (AD). When it is not enabled, the authentication process first checks AD for a matching PICS user and then falls back to checking the PICS database if no match is found in AD. The default for this setting is NOT enabled.

Maximum Login Failures Allowed – This option lets you specify the maximum number of failed login attempts (how many times the wrong password can be entered) before that user account is locked out for a set duration (see the next option). The minimum is 5 attempts: setting it to a value lower than this will result in PICS using the minimum value of 5 instead.

Maximum Login Failure Timeout in minutes – This option lets you specify how long, in minutes, a user account is locked out once the failure limit above is reached. The maximum is 2880 minutes (48 hours) and the minimum is 5 minutes: attempting to use a value outside this range will result in PICS using the minimum or maximum value instead.

Maximum Password Age in weeks – This security feature is currently only enforced by PICS, and only for users who are NOT using AD authentication to log in. This option lets you specify how long a user can use a password before it expires and needs changing. The maximum value is 52 weeks and the minimum value is 1 week: attempting to set a value outside this range will result in PICS using the minimum or maximum value instead.
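The four options above describe a fallback order, a clamped range for each numeric setting, a lockout counter and a password-age check. As an added example (not PICS code; the class and function names, and the idea of passing the AD and database lookups in as callables, are assumptions made here), this is one way the documented behaviour fits together, with timestamps as plain epoch seconds so the logic is easy to drive from fixed values:

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Limits as stated in the post. Values outside them are replaced by the
# nearest limit, which is the "use the default minimum/maximum" behaviour.
MIN_LOGIN_FAILURES = 5                         # no upper limit is stated
MIN_TIMEOUT_MINUTES, MAX_TIMEOUT_MINUTES = 5, 2880
MIN_PASSWORD_AGE_WEEKS, MAX_PASSWORD_AGE_WEEKS = 1, 52


@dataclass(frozen=True)
class AuthSettings:
    """Hypothetical in-memory mirror of the 'User Authentication' tab."""
    enforce_ad_login: bool
    max_login_failures: int
    lockout_minutes: int
    password_age_weeks: int


def normalise_settings(enforce_ad_login: bool, max_login_failures: int,
                       lockout_minutes: int, password_age_weeks: int) -> AuthSettings:
    """Apply the documented limits to whatever an administrator typed in."""
    return AuthSettings(
        enforce_ad_login=enforce_ad_login,
        max_login_failures=max(MIN_LOGIN_FAILURES, max_login_failures),
        lockout_minutes=min(MAX_TIMEOUT_MINUTES, max(MIN_TIMEOUT_MINUTES, lockout_minutes)),
        password_age_weeks=min(MAX_PASSWORD_AGE_WEEKS, max(MIN_PASSWORD_AGE_WEEKS, password_age_weeks)),
    )


@dataclass
class AccountState:
    failures: int = 0
    locked_until: Optional[float] = None       # epoch seconds; None when not locked


class LockoutTracker:
    """Counts wrong passwords per user and locks the account for a set duration."""

    def __init__(self, settings: AuthSettings):
        self.settings = settings
        self.accounts: Dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user: str, now: float) -> bool:
        st = self._state(user)
        if st.locked_until is None:
            return False
        if now < st.locked_until:
            return True
        # The lockout has elapsed: clear it and start counting afresh.
        st.locked_until = None
        st.failures = 0
        return False

    def record_failure(self, user: str, now: float) -> bool:
        """Record a wrong password; returns True if the account is (now) locked."""
        if self.is_locked(user, now):
            return True
        st = self._state(user)
        st.failures += 1
        if st.failures >= self.settings.max_login_failures:
            st.locked_until = now + self.settings.lockout_minutes * 60
            return True
        return False

    def record_success(self, user: str) -> None:
        """A correct password resets the failure counter."""
        self.accounts[user] = AccountState()


def password_expired(settings: AuthSettings, changed_at: float, now: float,
                     uses_ad: bool) -> bool:
    """Maximum Password Age applies only to users not authenticating via AD."""
    if uses_ad:
        return False
    return now - changed_at > settings.password_age_weeks * 7 * 86400


def authenticate(settings: AuthSettings, user: str, password: str,
                 ad_check: Callable[[str, str], bool],
                 db_check: Callable[[str, str], bool]) -> bool:
    """Order of checks described for 'Enforcing Active Directory Login'."""
    # ad_check / db_check are hypothetical stand-ins for the directory bind
    # and the PICS database lookup; AD is always consulted first.
    if ad_check(user, password):
        return True
    if settings.enforce_ad_login:
        return False                # AD only: never fall back to the database
    return db_check(user, password)
```

In a live system `now` would be `time.time()`. Two points worth checking in any implementation of these settings: the lockout should be enforced before the password is even compared (otherwise a locked account still leaks whether a guess was correct), and the clamping should happen where the value is saved, so the value an administrator sees on the tab is the value actually in force.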

Anyone with permission to view PICS Configuration can see the “User Authentication” tab, which security options are currently enabled and what their values are. However, to edit these security configuration options you’ll need the Database Administrator permission on your PICS user account.

These features have been gradually integrated into the PICS applications over the course of the last few months and are already available. If you’re happy with the defaults listed above, just continue to use your software as normal and the enhanced security will be applied automatically.
