With OnsiteSupport you can set up a password expiration period, different password security levels for end-users and your team members. To manage these policies, please enable Security Policy in Administration » Application and click Settings on the item's.
Password Levels
OnsiteSupport provides the following password security levels:
- Default - each password should contain a minimum of 3 characters. This level is assigned to all teams in the system by default and allows an unlimited number of failed login attempts;
- Low - password length should be at least 5 characters. Users with the low security level would have 10 attempts to log in with the wrong password;
- Normal - any password should contain a minimum of 8 characters including numbers and users would have 5 failed password attempts;
- High - each password must be a combination of special characters, digits, upper and lowercase letters with a minimum of 8 characters. Users would be blocked for 30 minutes if they exceed 3 failed password attempts.
You can change each security level according to your requirements by clicking the Edit icon next to the required level.
Once password levels are specified, please go to Menu » Users, edit the necessary team and assign a specific security level to it.
While registration or password reset, any user will be forced to meet security requirements set up for its team.
Password Expiration
OnsiteSupport provides the ability to specify when passwords should expire and restrict password repeating.
By default, passwords are set to never expire. If you want to change expiration policy, in Administration » Applications » Security Policy » Settings select required period of time (1, 3, 6, 12 months) after which passwords should be changed.
If you want to prevent your users from recycling old passwords, you can leave the default "No" value for "Allow Old Password" setting.
So when the user's password expires, the user would be forced to set a new one while trying to log in to the community. OnsiteSupport will alert whether the user doesn't meet security level requirements or tries to set the previously used password.
Ability to manage password security levels is available only in Enterprise package.
AntiSpam Protection
OnsiteSupport provides additional tools to reduce spam in your community:
- A user can add only one ticket, post or comment per minute. This restriction also works via API;
- In case the user increases the activity even more, the system will ban the user's account and block his IP address.