Password and Security Settings

The Security Settings in OPS-COM provide administrators with critical tools to enforce robust password policies and manage login security for all administrative accounts. Properly configuring these settings is essential for protecting sensitive system data, preventing unauthorized access, and complying with organizational security standards.

Security settings are managed within the System Settings area of OPS-COM.

Hover over System Configuration, and click System Settings.
Click Security. The Manage System Settings window will open, displaying all available security configurations.

Using this Feature

The Security component within System Settings allows administrators to configure various aspects of password management and account lockout policies.

Password Security Settings

Salted Password Hashing:
- Purpose: This setting adds an essential layer of security to stored passwords. Hashing is a one-way, irreversible process that converts a user's password into a unique, short hash value. "Salting" introduces a random string into this process, ensuring that even if two users have the same password, their stored hash values will be different. This prevents "lookup" (reverse engineering) of the original password, meaning forgotten passwords must be reset, not retrieved. This significantly limits an administrator's ability to view employee passwords and closes a critical security vulnerability.

Note: Once Hash and Salt is enabled, it should not be turned off.

Require Password Update:
- Purpose: When activated, this setting forces users to change their passwords upon their next login.
- Use Case: Ideal for ensuring compliance with regular password changes or after a password reset by an administrator.
Toggle Password Expiry:
- Purpose: By default, passwords in OPS-COM do not expire. For enhanced security, it is best practice to mandate regular password changes. This setting enables the use of password expiry.
- Configuration: Toggle this setting On.
- Password Expiry in days: Enter the number of days after which an administrator's password will expire, aligning with your organization's security policy (e.g., 90 days).
Enable Password History:
- Purpose: When toggled On, OPS-COM will remember passwords previously used by an administrator. The system will then prevent the reuse of those passwords for a specified period.
- Configuration: Set How long to remember old passwords (in days) to define the duration for which old passwords are not allowed to be reused.

Password Strength Requirements

These settings allow you to enforce complexity rules for administrator passwords.

Minimum Password Length: Sets the minimum number of characters required for a password.
Enable password strength requirements: Toggles on or off the following specific complexity requirements:
- Numerical Characters: Sets the minimum number of numbers required in the password.
- Lower Case Characters: Sets the minimum number of lowercase characters required in the password.
- Upper Case Characters: Sets the minimum number of uppercase characters required in the password.
- Non-Alpha Numeric: Sets the minimum number of non-alphanumeric (special) characters required in the password (e.g., !, &, #, etc.).

Admin Account Lockout Settings

These settings provide an additional layer of security by locking an administrator out of their account after repeated incorrect password attempts.

Enable Admin Lockouts: Toggles on or off the account lockout feature.
Lockout after X Attempts: Sets the number of failed login attempts with an incorrect password before the system will lock out the administrator.
Login attempt timeframe: Sets the timeframe (in minutes) during which incorrect login attempts are counted. For example, if an administrator fails 3 times within a 5-minute period, their account will be locked out.
Lock the admin out for X minutes: Sets the duration (in minutes) that the administrator's account will remain locked. For example, setting it to 120 minutes would mean the administrator is locked out for 2 hours before another login attempt is permitted.

Best Practices & Considerations

Robust Security Policy: Always implement a robust security policy that combines strong password requirements (length, complexity), password expiry, and lockout mechanisms.
Enable Hashing: Ensure Salted Password Hashing is always enabled for maximum password security.
Regular Password Expiry: Enforce regular password expiry (e.g., every 90 days) to mitigate the risk of compromised credentials.
Meaningful Lockout Settings: Configure lockout settings to balance security with user convenience. Too aggressive settings can lead to frequent lockouts, while too lenient settings can be a security risk.
Communication: Inform administrators about the security policies in place, including password strength requirements, expiry rules, and lockout procedures. This helps them comply and understand why they might be locked out.
Admins can see, only OPS-COM Team can change: Several security settings (e.g., Hash and Salt, Require Password Update, Toggle Password Expiry, Enable Password History, Enable password strength requirements, Enable Admin Lockouts) are visible to administrators but can only be changed by the OPS-COM Team. For modifications to these specific settings, contact OPS-COM Support.

Resolve Duplicate Options

History Search

Purge Old - Explained

Purging Incidents

Handheld Devices and Commons

Managing Recurring and Onetime System Tasks

Using the Database Importer (Beta)

Importer Field Descriptions

Preview Spaces (Database to Preview)

Data Maintenance Articles

Manage Roles and Permissions

Permissions in OPS-COM

Manage Administrator Groups

Manage Admin User Accounts

IP Filtering for Admin Users

Guide to System Settings

Troubleshooting - Email Server Communication Errors

Alarms System Settings

Defining User Profile Settings

Configuring Multi-Factor Authentication on the User Portal

Password and Security Settings

Uploading and Managing Files

Dashboard Layouts and Custom Items

Setting Up Single Sign-On with OperationsCommander

Using SAML SSO with OPS-COM

Login Sources (SSO)

Email Headers and Footers

System Messaging Checklist

Email Templates

Translations

Default Header and Footer for Mobile Readiness and SwiftDeploy

Pages and Content Blocks

Templates and Design

User Types

Limiting Active Vehicles

User Departments

Departments

User Setup

Vehicle Types

Vehicle Makes

Vehicle Colours

Vehicle Plate Types

Vehicles Setup

Permit States

Parking Setup

Common Lots

Lot Zones

Locations - Sub Locations

Location Setup

Locations

Sort Violations for Quick Access

Ticket Offence Items

Violations Setup

Ticket Categories

Relations

Incidents Setup

Ethnic Types

Missing Property Types

Extended User Profile Options

Flags

Email Alert List

Manage Email Warnings

The Invoice Template

Deposit Options

Taxes

Sources - Dispatch

Dispatch Categories

Dispatch Setup

Distribution Setup

Users - Distribution Admin Options

Alerts - Distribution

Search for a User

Actions - Distribution

Status - Distribution

Warnings - Distribution

Form 11 Shortcodes

User_card Shortcode

User Information Shortcodes

System_code Shortcode

PermitTempPdf and Conditional Shortcode