Wazoku follows NIST password across all sites, Co-creation Communities, the Idea App and Microsoft Office username and password logins.
Password requirements include:
- Minimum password length, but no less than 8 characters.
- Limits on reusing passwords (i.e. block last 3 passwords used).
- Account lockout after X attempts after X minutes.
- Password strength checks (measured against a blacklist of passwords including breached passwords, commonly used dictionary words and repetitive or sequential characters).
Admin Password Settings
Security settings can now be defined and managed within the Admin Panel Access Management tab by Users with access to this area. Settings will be applied to the main site, all Co-Creation Communities, the Idea App and MS Office.
Admins can now set:
- Site specific minimum password length
- Number of failed login attempts before a user is locked out
- Length of lockout time
- Rules on previously remembered passwords
If any Users have an existing password that does not meet any new minimum password length requirements, they will be redirected to the reset password page when they next attempt to login with their existing password.
Resetting User Passwords
Admins can now reset individual User passwords, passwords within a specific group of Users or passwords for every user across their whole site. This provides an extra level of protection should there be any reason to believe there has been a data breach within the site or a password for a User or group of Users has been compromised.
Within the User tab of the Admin Panel, Admins have been given the option to ‘Reset All Passwords’, which can be applied to a chosen group of users (Admins, Managers, Full Contributors, Limited Contributors or Line Managers) or they can reset individual user passwords by selecting one or more users from their list of users:
Reset All User Passwords
Reset Individual User Passwords
Users logging in after their password has been reset by an Admin will then be redirected to the password reset page with a message explaining that their password has been reset by an Admin.
Idea App Passwords
All changes made by Admins to Users main accounts will be reflected in the Idea App.
MS Office Passwords
All changes made by Admins to Users main accounts will be reflected when they log in via MS Office.