Configuring Security Policies

Security policies include user name, password, and login policies. Configuring security policies helps improve system security.

Procedure

  1. Choose Settings > System Settings > Security Policies.
  2. Configure Username Policy, Password Policy, and Login Policy.

    Table 1, Table 2, and Table 3 describe related parameters.

    Table 1 Username policy parameters

    Parameter

    Description

    Min. Length

    Indicates the minimum length of a user name, which prevents an excessively short user name from being set. The value must be an integer ranging from 5 to 32.
    Table 2 Password policy parameters

    Parameter

    Description

    Min. Length

    Indicates the minimum length of a user password, which prevents an excessively short password from being set. The value must be an integer ranging from 8 to 32.

    Max. Length

    Indicates the maximum length of a user password, which prevents an excessively long password from being set. The value must be an integer ranging from 8 to 32.

    Complexity

    Indicates the password complexity, which prevents an excessively simple password from being set. Possible options are as follows:

    • A password must contain special characters and at least two of the following types: uppercase letters, lowercase letters, and digits.
    • A password must contain special characters, uppercase letters, lowercase letters, and digits.

    Duplicate Characters

    Indicates the maximum number of consecutive duplicate characters allowed in a password. The value must be an integer ranging from 0 to 9. Value 0 indicates unlimited.

    Retained Historical Passwords

    Indicates the maximum number of retained historical passwords per user. A new password must be different from retained historical passwords. Value 0 indicates unlimited. The value must be an integer ranging from 0 to 30.

    Password Validity

    Indicates whether to set a password validity period. You are advised to enable this function.

    Password Validity Period (Days)

    After Password Validity is enabled, you need to specify the number of days during which a password remains valid. After the validity period of a password expires, the system prompts you to change the password. The value must be an integer ranging from 1 to 999.

    Password Expiration Warning Period (Days)

    After Password Validity is enabled, you need to specify the number of days prior to password expiration that the user receives a warning message. The value must be an integer ranging from 1 to 99.

    Password Change Interval

    Indicates whether to set a password change interval. You are advised to enable this function.

    Password Change Interval (Minutes)

    Indicates the password change interval. The value must be an integer ranging from 1 to 9999.

    The new password cannot be the default password

    Indicates whether to forbid a super administrator to set the new password to the default password.
    Table 3 Login policy parameters

    Parameter

    Description

    Session Timeout Duration (Minutes)

    If no operation is performed on the system during a period specified by this parameter, the system times out and returns to the login page. The value must be an integer ranging from 30 to 100.

    Account Lockout

    After this parameter is enabled, if the number of incorrect password attempts exceeds the threshold, accounts will be locked.

    NOTE:

    For security purposes, you are advised to enable this parameter.

    Lockout Threshold

    Indicates the maximum number of consecutive incorrect password attempts. An account will be locked if the password attempts exceed this threshold. The value must be an integer ranging from 1 to 9.

    NOTE:
    • This parameter is available only when Account Lockout is enabled.
    • After an account is locked, the super administrator can manually unlock it. If Lockout Mode is Temporary, the account will be automatically unlocked when the unlock time is reached.

    Lockout Mode

    Indicates whether an account is locked temporarily or permanently.

    • Permanent: The administrator, device administrator, resource administrator, and read-only user accounts will be locked permanently. The super administrator and key administrator accounts will be automatically unlocked 15 minutes after being locked.
    • Temporary: You can set a time range during which the administrator, resource administrator, and read-only user accounts are automatically locked.

    Automatic Unlock in (Minutes)

    Indicates the time when the system automatically unlocks an account. The value must be an integer ranging from 3 to 2000.

    • This parameter is available only when Account Lockout is enabled and Lockout Mode is set to Temporary.
    • This parameter takes effect only for accounts automatically locked by the system. This parameter does not take effect if a user account is manually locked. A manually locked user account can be manually unlocked only.
    • A user account will be locked as soon as the number of consecutive incorrect password attempts exceeds the threshold.

    Lock Account When Idle

    Indicates whether to lock an account if it is not used for login after a specified period.

    Idle Period (Days)

    Indicates the number of days that an account can remain idle before being locked. The value must be an integer ranging from 1 to 999.

    Login Security Info

    The system notifies the user of the last login information (including the login time and IP address) for security purposes.

    Change Password at First Login

    A user is asked to change the password at the first login. After changing the password, a user needs to log in again.

    User-Defined Info

    When any user logs in to the system successfully, the user-defined information is prompted.

    Info

    This message is displayed upon a successful login.

  3. Click Save and confirm your operation as prompted.
Parent topic: Managing Permission Settings