Configuring security settings

You use the Password Complexity group of fields on the Settings page to specify the required complexity of the passwords that Asta Connect users can set up:

To use Asta Connect's default password complexity settings, select the Use default settings check box. The default password complexity settings are that passwords must be at least six characters in length, with no other restrictions.

To specify your own password complexity settings, clear the Use default settings check box, then use the following fields to specify the required complexity of passwords:

• Select the Require digit check box to specify that passwords must contain at least one number - for example '5'; '8'; '3'.
• Select the Require lowercase check box to specify that passwords must contain at least one lower-case alphabetical character - for example 'g'; 'd'; 'u'.
• Select the Require non-alphanumeric check box to specify that passwords must contain at least one character that is neither a number or an alphabetical character - for example '*'; '&'; '%'.
• Select the Require uppercase check box to specify that passwords must contain at least one upper-case alphabetical character - for example 'F'; 'E'; 'B'.
• Enter the required minimum length of passwords in the Required length field.

To specify that users should be locked out of Asta Connect for a period of time following a number of unsuccessful attempts to sign in:

1. On the Settings page, select the Enable user account locking on failed login attempts check box.
2. Specify the number of consecutive failed sign in attempts a user is allowed before being locked out in the Maximum number of failed login attempt count before locking the account field.
3. Specify the number of seconds for which a user should be locked out of Asta Connect after they have reached the maximum number of sign in attempts in the Account locking duration (as seconds) field. After this time period has elapsed, the user will be able to make further sign in attempts.

For example, if you specify the maximum number of failed login attempts as '3' and a locking duration of '300', users will be locked out of Asta Connect for five minutes if they try and fail to sign into Asta Connect on three consecutive attempts.

User account locking applies only to those users who do not use the Elecosoft Identity Service to sign into Asta Connect, and against which the Lockout enabled check box has been selected, on either the New User or the Edit User dialog.

To specify that users should not be locked out of Asta Connect, regardless of the number of consecutive failed sign in attempts, clear the Enable user account locking on failed login attempts check box.

If a user has been locked out of Asta Connect following a number of unsuccessful attempts to sign in, you can unlock them manually. This saves them having to wait until the account locking duration is over.