Configuring Security Policies

Security policies include user name, password, and login policies. Configuring security policies helps improve system security.

Context

Only super administrators and security administrators can configure security policies.

Procedure

  1. Choose Settings > User and Security > Security Policies.

  2. Configure Username Policy, Password Policy, and Login Policy.

    Table 1, Table 2, and Table 3 describe related parameters.

    Table 1 Username policy parameters

    Parameter

    Description

    Min. Length

    Indicates the minimum length of a user name, which prevents an excessively short user name from being set. The value must be an integer ranging from 5 to 32.
    Table 2 Password policy parameters

    Parameter

    Description

    Min. Length

    Indicates the minimum length of a user password, which prevents an excessively short password from being set. The value must be an integer ranging from 8 to 32.

    Max. Length

    Indicates the maximum length of a user password, which prevents an excessively long password from being set. The value must be an integer ranging from 8 to 32.

    Complexity

    Indicates the complexity of a password, preventing you from setting overly simple passwords. Complexity options are A password must contain special characters and at least two of the following types: uppercase letters, lowercase letters, and digits and A password must contain special characters, uppercase letters, lowercase letters, and digits.

    Duplicate Characters

    Indicates the maximum number of consecutive duplicate characters allowed in a password. The value must be an integer ranging from 0 to 9. Value 0 indicates unlimited.

    Retained Historical Passwords

    Indicates the maximum number of retained historical passwords per user. A new password must be different from retained historical passwords. Value 0 indicates unlimited. The value must be an integer ranging from 0 to 30.

    Password Validity

    Indicates whether to set a password validity period. You are advised to enable this function.

    Password Validity Period (Days)

    After Password Validity is enabled, you need to specify the number of days during which a password remains valid. After the validity period of a password expires, the system prompts you to change the password. The value must be an integer ranging from 1 to 999.

    Password Expiration Warning Period (Days)

    After Password Validity is enabled, you need to specify the number of days prior to password expiration that the user receives a warning message. The value must be an integer ranging from 1 to 99.

    Password Change Interval

    Indicates whether to set a password change interval. You are advised to enable this function.

    Password Change Interval (Minutes)

    Indicates the password change interval. The value must be an integer ranging from 1 to 9999.
    Table 3 Login policy parameters

    Parameter

    Description

    Session Timeout Duration (Minutes)

    If no operation is performed on the system during a period specified by this parameter, the system times out and returns to the login page. The value must be an integer ranging from 30 to 100.

    Account Lockout

    After this parameter is enabled, a user will be locked if the number of incorrect password attempts reaches Lockout Threshold.

    NOTE:

    For security purposes, you are advised to enable this parameter.

    Lockout Threshold

    Indicates the maximum number of consecutive incorrect password attempts. A user will be locked if the password attempts reach this threshold. The value must be an integer ranging from 1 to 9.

    NOTE:
    • This parameter is available only when Account Lockout is enabled.
    • A super administrator can manually unlock locked users. If Lockout Mode is Temporary, locked users will be automatically unlocked when the unlock time is reached.

    Lockout Mode

    Indicates whether a user is locked temporarily or permanently.

    • Permanent: The administrator, device administrator, resource administrator, and read-only users will be locked permanently. The super administrator and key administrator will be automatically unlocked 15 minutes after being locked.
    • Temporary: You can set a time range during which the administrator, resource administrator, and read-only users are automatically locked.

    Automatic Unlock in (Minutes)

    Indicates the time when the system automatically unlocks a user. The value must be an integer ranging from 3 to 2000.

    • This parameter is available only when Account Lockout is enabled and Lockout Mode is set to Temporary.
    • This parameter takes effect only for users automatically locked by the system. Users who are manually locked can only be manually unlocked.
    • A user will be locked as soon as the number of consecutive incorrect password attempts reaches the threshold.

    Lock Account When Idle

    Indicates whether to lock a user if it is not used for login for a specified period of time.

    Idle Period (Days)

    Indicates the number of days that a user can remain idle before being locked. The value must be an integer ranging from 1 to 999.

    Login Security Info

    The system notifies the user of the last login information (including the login time and IP address) for security purposes.

    Change Password at First Login

    A user is asked to change the password at the first login. After changing the password, a user needs to log in again.

    User-Defined Info

    When any user logs in to the system successfully, the user-defined information is prompted.

    Info

    This message is displayed upon a successful login.

  3. Click Save and confirm your operation as prompted.
Parent topic: Managing Permission Settings