Global View Password and Lockout Policy
Having a strong password policy is a key component for secure access to SANnav. The strength of your password should depend on the security needs of your organization.
When you set up password policies in SANnav Global View, these policies apply only to the local database. If you are using an external server for authentication, these policies do not apply, and you must set up password policies on the external server. If primary authentication on the external server fails, and you fall back to secondary authentication on the local database, then the password policies defined in SANnav apply.
If you change the password policy so that the passwords of logged-in users are now in violation of the new policy, the users remain logged in, but the next time they try to log in, they get a password violation message and are prompted to change their password.
The following steps provide a guideline for creating a strong password policy. Your policy may vary.
1. Click the Configuration and Settings icon, and then select SANnav Password and Lockout Policy.
The Policies dialog displays.
2. Configure the password strength policy, as follows.
| Option | Description |
|---|---|
| Minimum Length | The default minimum length is 8 characters. Longer passwords increase security dramatically. Select a minimum length of 9 or 10 characters for a stronger password policy. |
| Uppercase Letters, Lowercase Letters, Numbers, and Special Characters | This is the minimum number of upper- and lowercase letters, numbers, and special characters required in the password. The default value for each of these options is 0. For strong passwords, you should set each of these options to at least 1. |
| Maximum Repeat | Maximum Repeat specifies the maximum number of repeated characters that are allowed. For example, if Maximum Repeat is 2, then "password" is valid, but "passsword" is not. Select a value or use the default value (2). |
| Maximum Sequence | Maximum Sequence specifies the maximum number of sequential characters that are allowed. The sequence is based on the ASCII value of the characters and also applies to special characters. For example, if Maximum Sequence is 1, then "password1" is valid, but "password12" is not, and "passworda" is valid, but "passworde" is not (sequence "de" violates the policy). Select a value or use the default value (1). Note that if you use the default value, some common two-letter sequences (such as "hi", "st", and "no") will be disallowed in passwords. |
3. Configure the password expiration and password history policies.
| Option | Description |
|---|---|
| Password never expires | By default, passwords never expire. If your password policy enforces strong passwords, you might not want the passwords to expire unless security is compromised. Uncheck this box if you want passwords to automatically expire after a specific time period. |
| Password Age | The amount of time after which a password automatically expires. This value is between 15 days (default) and 12 months. For the most security, choose shorter values. A good value is between 45 days and 6 months. |
| Warning Period | The number of days prior to password expiration that a user starts getting warning messages. Select a value from 1 (default) to 15 days. |
| Password History | The number of previous passwords that cannot be reused. For example, if Password History is 5, users cannot reuse their most recent 5 passwords. Select a value between 1 (default) and 5. For the most security, select 5. |
4. Configure the account lockout and session policy.
| Option | Description |
|---|---|
| Lockout After | By default, a user account is locked after three failed login attempts. You can change this to 4 or 5 failed login attempts. For the most security, keep the default (3). |
| Lockout Duration | A locked account automatically unlocks after the amount of time specified by Lockout Duration. Lockout duration is between 15 (default) and 60 minutes. For higher levels of security, select the higher settings. |
| Inactive Duration | By default, you are logged out after 30 minutes of inactivity. You can set this value to between 15 minutes and 12 hours. If you select Keep Dashboard active after session expires, then if you are on the dashboard page and the session expires, you are not logged out. You can continue to view the dashboard, which is dynamically updated. If you move off of the dashboard page, however, you are logged out and must log in again. |
5. Click Save.
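
The password strength options in step 2, in particular Maximum Repeat and Maximum Sequence, can be checked offline against candidate passwords before you tighten the policy. The following Python checker is an added example, not SANnav code. It assumes that repeats and sequences are counted over adjacent characters, that a sequence means ascending ASCII values (as in every example on this page), and that a special character is anything other than a letter or digit; the `Policy` field names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    # Field names are hypothetical; the defaults are the ones the page lists.
    min_length: int = 8
    min_upper: int = 0
    min_lower: int = 0
    min_digits: int = 0
    min_special: int = 0
    max_repeat: int = 2
    max_sequence: int = 1

def longest_run(password, step):
    """Length of the longest run of adjacent characters whose ASCII codes
    differ by `step` (0 = repeated character, 1 = ascending sequence)."""
    best = run = 1 if password else 0
    for prev, cur in zip(password, password[1:]):
        run = run + 1 if ord(cur) - ord(prev) == step else 1
        best = max(best, run)
    return best

def violations(password, policy=None):
    """Return the names of the policy options the candidate violates."""
    policy = policy or Policy()
    classes = [
        ("Uppercase Letters", str.isupper, policy.min_upper),
        ("Lowercase Letters", str.islower, policy.min_lower),
        ("Numbers", str.isdigit, policy.min_digits),
        # Assumption: "special" means anything that is not a letter or digit.
        ("Special Characters", lambda c: not c.isalnum(), policy.min_special),
    ]
    found = ["Minimum Length"] if len(password) < policy.min_length else []
    found += [name for name, member, minimum in classes
              if sum(1 for c in password if member(c)) < minimum]
    if longest_run(password, 0) > policy.max_repeat:
        found.append("Maximum Repeat")
    if longest_run(password, 1) > policy.max_sequence:
        found.append("Maximum Sequence")
    return found

if __name__ == "__main__":
    # Candidates taken from the page's own examples, checked against defaults.
    for candidate in ["password", "passsword", "password12", "passworde"]:
        print(candidate, violations(candidate) or "ok")
```

Running candidates through `violations` with the defaults shows how restrictive Maximum Sequence 1 is: any two adjacent ascending characters, such as "hi" or "st", are enough to reject a password.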