
Password and Security Settings

The Security Settings in OPS-COM provide administrators with critical tools to enforce robust password policies and manage login security for all administrative accounts. Properly configuring these settings is essential for protecting sensitive system data, preventing unauthorized access, and complying with organizational security standards.

Security settings are managed within the System Settings area of OPS-COM.

  1. Hover over System Configuration, and click System Settings.

  2. Click Security in the list of settings.

    The Manage System Settings window will open, displaying all available security configurations.

Using this Feature

The Security component within System Settings allows administrators to configure various aspects of password management and account lockout policies.

Password Security Settings
  • Salted Password Hashing:

    • Purpose: This setting adds an essential layer of security to stored passwords. Hashing is a one-way, irreversible process that converts a user's password into a unique, short hash value. "Salting" introduces a random string into this process, ensuring that even if two users have the same password, their stored hash values will be different. This prevents "lookup" (reverse engineering) of the original password, meaning forgotten passwords must be reset, not retrieved. This significantly limits an administrator's ability to view employee passwords and closes a critical security vulnerability.

Note: Once Hash and Salt is enabled, it should not be turned off.

  • Require Password Update:

    • Purpose: When activated, this setting forces users to change their passwords upon their next login.

    • Use Case: Ideal for ensuring compliance with regular password changes or after a password reset by an administrator.
  • Toggle Password Expiry:

    • Purpose: By default, passwords in OPS-COM do not expire. For enhanced security, it is best practice to mandate regular password changes. This setting enables the use of password expiry.
    • Configuration: Toggle this setting On.
    • Password Expiry in days: Enter the number of days after which an administrator's password will expire, aligning with your organization's security policy (e.g., 90 days).

  • Enable Password History:

    • Purpose: When toggled On, OPS-COM will remember passwords previously used by an administrator. The system will then prevent the reuse of those passwords for a specified period.
    • Configuration: Set How long to remember old passwords (in days) to define the duration for which old passwords are not allowed to be reused.
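
How salted hashing and password history fit together, as an added example that is not OPS-COM's own code: each password gets its own random salt, so identical passwords store differently, and a reuse check has to re-hash the candidate under every remembered salt. The PBKDF2 algorithm, its parameters and the function names are assumptions made for this sketch; the page does not document the algorithm OPS-COM uses.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta
from typing import Optional

SALT_BYTES = 16          # assumed salt size for this sketch
PBKDF2_ROUNDS = 600_000  # assumed work factor; not taken from OPS-COM


def hash_password(password: str, salt: Optional[bytes] = None):
    """Return (salt, digest); a fresh random salt is drawn for each new password."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def is_reused(new_password: str, history, now: datetime, remember_days: int) -> bool:
    """history holds (salt, digest, set_at) records, one per earlier password.

    Salted digests cannot be compared with each other, so the candidate is
    re-hashed under every stored salt that is still inside the retention window.
    """
    cutoff = now - timedelta(days=remember_days)
    return any(
        set_at >= cutoff and verify_password(new_password, salt, digest)
        for salt, digest, set_at in history
    )


if __name__ == "__main__":
    # Constructed sample: two administrators who picked the same password.
    a_salt, a_digest = hash_password("Winter-2024!")
    b_salt, b_digest = hash_password("Winter-2024!")
    print("stored values differ:", a_digest != b_digest)
    print("alice verifies:", verify_password("Winter-2024!", a_salt, a_digest))
```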



Password Strength and Admin Lockout Requirements

These settings allow you to enforce complexity rules for administrator passwords.

  • Minimum Password Length: Sets the minimum number of characters required for a password.
  • Enable password strength requirements: Toggles on or off the following specific complexity requirements:

    • Numerical Characters: Sets the minimum number of numbers required in the password.
    • Lower Case Characters: Sets the minimum number of lowercase characters required in the password.
    • Upper Case Characters: Sets the minimum number of uppercase characters required in the password.
    • Non-Alpha Numeric: Sets the minimum number of non-alphanumeric (special) characters required in the password (e.g., !, &, #).

Admin Account Lockout Settings

These settings provide an additional layer of security by locking the administrator out of their account after repeated incorrect password attempts.

  • Enable Admin Lockouts: Toggles on or off the account lockout feature.
  • Lockout after X Attempts: Sets the number of failed login attempts with an incorrect password before the system will lock out the administrator.
  • Login attempt timeframe: Sets the timeframe (in minutes) during which incorrect login attempts are counted. For example, if an administrator fails 3 times within a 5-minute period, their account will be locked out.
  • Lock the admin out for X minutes: Sets the duration (in minutes) that the administrator's account will remain locked. For example, setting it to 120 minutes would mean the administrator is locked out for 2 hours before another login attempt is permitted.
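
How the three lockout settings interact, as an added example that is not OPS-COM's own code: failures are counted inside a sliding timeframe, and reaching the threshold starts a fixed-length lock. The class and method names are hypothetical, and two behaviours are assumptions the page does not state: attempts made during a lock do not extend it, and a successful login resets the failure count.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class AdminLockout:
    """Sliding-window lockout driven by the three settings described above."""

    def __init__(self, max_attempts: int, window_minutes: int, lock_minutes: int):
        self.max_attempts = max_attempts                 # "Lockout after X Attempts"
        self.window = timedelta(minutes=window_minutes)  # "Login attempt timeframe"
        self.lock_for = timedelta(minutes=lock_minutes)  # "Lock the admin out for X minutes"
        self._failures = defaultdict(deque)  # admin -> timestamps of recent failures
        self._locked_until = {}              # admin -> time at which the lock ends

    def is_locked(self, admin: str, now: datetime) -> bool:
        until = self._locked_until.get(admin)
        if until is not None and now < until:
            return True
        self._locked_until.pop(admin, None)  # lock has expired (or never existed)
        return False

    def record_failure(self, admin: str, now: datetime) -> bool:
        """Record a failed login; return True if the account is locked afterwards."""
        if self.is_locked(admin, now):
            return True                      # assumption: a lock is not extended
        recent = self._failures[admin]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                 # drop failures outside the timeframe
        if len(recent) >= self.max_attempts:
            self._locked_until[admin] = now + self.lock_for
            recent.clear()
            return True
        return False

    def record_success(self, admin: str, now: datetime) -> bool:
        """Return False while locked, even if the password was correct."""
        if self.is_locked(admin, now):
            return False
        self._failures.pop(admin, None)      # assumption: success resets the count
        return True


if __name__ == "__main__":
    # Constructed timeline using the page's example values: 3 attempts, 5 minutes, 120 minutes.
    policy = AdminLockout(max_attempts=3, window_minutes=5, lock_minutes=120)
    start = datetime(2025, 1, 1, 9, 0)
    for minute in (0, 2, 4):
        print(minute, policy.record_failure("alice", start + timedelta(minutes=minute)))
```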

Best Practices & Considerations

  • Robust Security Policy: Always implement a robust security policy that combines strong password requirements (length, complexity), password expiry, and lockout mechanisms.
  • Enable Hashing: Ensure Salted Password Hashing is always enabled for maximum password security.
  • Regular Password Expiry: Enforce regular password expiry (e.g., every 90 days) to mitigate the risk of compromised credentials.
  • Meaningful Lockout Settings: Configure lockout settings to balance security with user convenience. Too aggressive settings can lead to frequent lockouts, while too lenient settings can be a security risk.
  • Communication: Inform administrators about the security policies in place, including password strength requirements, expiry rules, and lockout procedures. This helps them comply and understand why they might be locked out.
  • Admins can see, only OPS-COM Team can change: Several security settings (e.g., Hash and Salt, Require Password Update, Toggle Password Expiry, Enable Password History, Enable password strength requirements, Enable Admin Lockouts) are visible to administrators but can only be changed by the OPS-COM Team. For modifications to these specific settings, contact OPS-COM Support.