Articles in this section

See more

Passwords - Users

Sally Brogan
  • Updated

Wazoku follows NIST password across all sites, Co-creation Communities, the Idea App and Microsoft Office username and password logins.

Password requirements include: 

  • Minimum password length, but no less than 8 characters. 
  • Limits on reusing passwords (i.e. block last 3 passwords used). 
  • Account lockout after X attempts after X minutes.
  • Password strength checks (measured against a blacklist of passwords including breached passwords, commonly used dictionary words and repetitive or sequential characters).

These requirements will be set by the site Administrator to meet the organisation's requirements.

 

Minimum Password Length 

Admins can update the minimum password length required for all Users. If any users have an existing password that does not meet any new minimum password length requirements, they will be redirected to the reset password page when they next attempt to login with their existing password. They must then reset their password to meet the new requirements as shown below:

 blobid0.png

Failed Login Attempts and Temporary Lockout 

Admins can set how many attempts a User can have logging in before they get locked out of their account, and how long a user should then be locked out if they enter incorrect passwords.

If a User attempts to login with an incorrect password they will be given a warning that explains how many attempts they have remaining and the time that their account will be temporarily locked for should they use up their remaining allowed attempts.

blobid1.png  

If the user attempts to login with a password too many times based on the requirement set in the Admin Panel, then they will be locked out and presented with a warning that states how long they will be locked out for. At any point during this time the User can unlock their account by resetting their password using the forgotten password link. 

blobid2.png

Previously remembered passwords 

Admins can limit previously used passwordswhen a user chooses to reset their password or has their password reset by the Admin. Should they attempt to create a new password using a previously used password, then they will be given a warning that states this and prompted to select a new password before being able to proceed: 

blobid4.png

 

Password strength meter 

password-strength meter offers guidance for setting or resetting a password and will assist the user in choosing a strong memorised password that not only meets all the complexity requirements, but also reassures them that their password is as strong as possible.  

The different password strength indicators are ‘Weak’, ‘Fair’, ‘Strong’ and ‘Very Strong’. When registering for a new account or resetting a password, the respective submit button will remain disabled for all ‘Weak’ passwords by comparing the user password with a password blacklist. The button will only become enabled once a ‘Fair’ or stronger password is input into both password input fields: 

 

Weak

 blobid4.png

Fair 

blobid6.png

 Strong

 blobid5.png

Very Strong

blobid7.png

 

Changing a user account passwords 

Users logged into their account will be allowed as many attempts to reset their password from within their account settings that has been set within the Admin Panel password settingsIf they use more than the attempts allowed, the user will then lock their account and they will not be able to change their password for as many minutes that has also been set within the Admin Panel. 

 

 blobid5.png

Previously Remembered Passwords 

Should they attempt to create a new password using a previously used password, then they will be given a warning that states this and prompted to select a new password before being able to proceed.

blobid6.png

 

Idea App

Registering for a new account 

When registering for an account on the Idea App, the password strength meter will assist users when creating a password. The submit button will again remain disabled until at least a ‘Fair’ password has been created. 

Logging in 

Existing users logging into the Idea App will be allowed as many attempts that has been set within the Admin Panel password settings before being locked out of their account for as many minutes that has also been set within the Admin Panel. 

Admin resetting passwords 

Existing users attempting to log into their account on the Idea App after their password has been reset by an Admin will trigger a password reset email and will be required to reset their password before being able to login. 

Admin increasing minimum length requirements 

Existing users attempting to log into their account on the Idea App after an Admin increases the minimum password length requirements will trigger a password reset email and will be required to reset their password before being able to login. 

 

MS Office

A User's MS Office login to Idea Spotlight is set via their main account and the same settings and requirements apply.

blobid9.png

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk