Wazoku follows NIST password across all sites, Co-creation Communities, the Idea App and Microsoft Office username and password logins.
Password requirements include:
- Minimum password length, but no less than 8 characters.
- Limits on reusing passwords (i.e. block last 3 passwords used).
- Account lockout after X attempts after X minutes.
- Password strength checks (measured against a blacklist of passwords including breached passwords, commonly used dictionary words and repetitive or sequential characters).
These requirements will be set by the site Administrator to meet the organisation's requirements.
Minimum Password Length
Admins can update the minimum password length required for all Users. If any users have an existing password that does not meet any new minimum password length requirements, they will be redirected to the reset password page when they next attempt to login with their existing password. They must then reset their password to meet the new requirements as shown below:
Failed Login Attempts and Temporary Lockout
Admins can set how many attempts a User can have logging in before they get locked out of their account, and how long a user should then be locked out if they enter incorrect passwords.
If a User attempts to login with an incorrect password they will be given a warning that explains how many attempts they have remaining and the time that their account will be temporarily locked for should they use up their remaining allowed attempts.
If the user attempts to login with a password too many times based on the requirement set in the Admin Panel, then they will be locked out and presented with a warning that states how long they will be locked out for. At any point during this time the User can unlock their account by resetting their password using the forgotten password link.
Previously remembered passwords
Admins can limit previously used passwordswhen a user chooses to reset their password or has their password reset by the Admin. Should they attempt to create a new password using a previously used password, then they will be given a warning that states this and prompted to select a new password before being able to proceed:
Password strength meter
A password-strength meter offers guidance for setting or resetting a password and will assist the user in choosing a strong memorised password that not only meets all the complexity requirements, but also reassures them that their password is as strong as possible.
The different password strength indicators are ‘Weak’, ‘Fair’, ‘Strong’ and ‘Very Strong’. When registering for a new account or resetting a password, the respective submit button will remain disabled for all ‘Weak’ passwords by comparing the user password with a password blacklist. The button will only become enabled once a ‘Fair’ or stronger password is input into both password input fields:
Changing a user account passwords
Users logged into their account will be allowed as many attempts to reset their password from within their account settings that has been set within the Admin Panel password settings. If they use more than the attempts allowed, the user will then lock their account and they will not be able to change their password for as many minutes that has also been set within the Admin Panel.
Previously Remembered Passwords
Should they attempt to create a new password using a previously used password, then they will be given a warning that states this and prompted to select a new password before being able to proceed.
Registering for a new account
When registering for an account on the Idea App, the password strength meter will assist users when creating a password. The submit button will again remain disabled until at least a ‘Fair’ password has been created.
Existing users logging into the Idea App will be allowed as many attempts that has been set within the Admin Panel password settings before being locked out of their account for as many minutes that has also been set within the Admin Panel.
Admin resetting passwords
Existing users attempting to log into their account on the Idea App after their password has been reset by an Admin will trigger a password reset email and will be required to reset their password before being able to login.
Admin increasing minimum length requirements
Existing users attempting to log into their account on the Idea App after an Admin increases the minimum password length requirements will trigger a password reset email and will be required to reset their password before being able to login.
A User's MS Office login to Idea Spotlight is set via their main account and the same settings and requirements apply.