Organization Settings – Security

The available options in this category include…

 

Passwords – Length

Passwords should be at least: _ characters long.

The default is 4. GideonSoft recommends that passwords be at least eight characters long.

 

24-hour Password Change Prevention

Passwords may / may not be changed by users before 1 day.

Do you want to let your people change their passwords again in less than a day? If so, they could get around the old password reuse restriction by changing passwords several times in a row until an old one is accepted again.

 

60-Day Password Expiration

Passwords must / should not expire after sixty days.

Do you want your people to create new passwords every sixty days? This can increase security, but it can also make it more difficult for your people to remember their passwords.

 

Passwords – Complexity

Passwords must / do not need to contain a variety of characters.

Passwords that combine lowercase letters, uppercase letters, numbers, and special characters can be more secure. We recommend turning this setting on.

 

Passwords – Personal Information

Passwords can / cannot contain personal information.

Passwords that contain personal information can be easier to guess, which can lead to a security breach. We recommend that you do not turn this setting on.

 

Passwords – Dictionary Words

Passwords can / cannot contain dictionary words.

Although including common dictionary words can make a password easier to remember, it also makes the password much less secure. We recommend turning this setting off.

 

Old Password Reuse

Users can / cannot reuse their old passwords.

Users are more protected when earlier passwords that may have been compromised are prohibited.

 

Account Expiration

Accounts should expire Never / in 45 days / in 90 days / in 6 months / in 1 year.

Do you want accounts to automatically expire? This saves administrators the extra effort of disabling accounts manually.

 

Mobile App User Keep-Alive

Don’t let / Let mobile app users stay signed in.

Let people stay signed in so they don’t have to sign in every time they open the app. This is more usable but less secure.

 

User Inactivity Auto Signout

In five minutes / in ten minutes / in fifteen minutes / never automatically sign users out due to inactivity.

We recommend automatically signing users out after 10 minutes of inactivity.

 

Multiple Sign In Failure Lockout

Users will be / will not be temporarily locked out after multiple sign in failures.

Use this option carefully. Locking users out after incorrect sign-in attempts may increase security; however, it can also frustrate legitimate users.

 

Sign In Failure Attempt Limit

Users will be temporarily locked out after 3 / 5 / 10 incorrect attempts.

Set this to a higher number if you want to decrease the number of users blocked, but this may make it easier for malicious users to gain entry to the system.

 

Locked Out User Re-Access

Locked out users will be able to try again after five minutes / administrator approval.

For a smoother experience, we recommend automatically unlocking users after five minutes.

 

Multifactor Authentication

Allow / Don’t allow the use of multi-factor authentication.

Enabling multi-factor authentication allows users to set up a second form of authentication, such as Google Authenticator™, when signing in. This significantly increases security for every user account on which it is enabled. Each person can enable or disable this functionality for themselves. Admins can only disable this functionality for a selected user account (for troubleshooting).

 

Manage API Tokens

This tool allows you to view a list of issued API tokens. There is also an option to revoke API tokens.

 

= = = = =

Version(s): GideonSoft 2024 Release 3 or later