| Policy |
What it does |
How to use it |
| Password Strength |
Minimum strength required when users create their passwords. |
Toggle the switch to Enabled, then select a minimum password strength. |
| Password Expiration
|
Number of days after which the password will expire.
Optionally prevents passwords with a strength score of 5 from expiring, even if password expiration has been enabled. |
Toggle the switch to Enabled, then enter the number of days.
Optionally, select the Strength score 5 passwords do not expire check box.
|
| Recent Password Cycle |
Number of times that a password must be changed until it can be reused. |
Toggle the switch to Enabled, then enter the number of cycles. |
| Recent Password Interval |
Number of days for which recent password cannot be reused. |
Toggle the switch to Enabled, then enter the number of days. |
| Password Length Requirements |
Minimum and maximum length of passwords. |
Toggle the switch to Enabled, then enter a minimum number and/or a maximum number.
The range is 6-30. The default value for the Minimum field is 6. The default value for the Maximum field is 30 |
| Must Contain Letters |
Password must contain at least one letter. |
Toggle the switch to Enabled, then select the type of letter requirement you want to enforce: any, upper case, lower case, both. |
| Must Contain Digits |
Passwords must contain at least one digit. |
Toggle the switch to Enabled. |
| Disallow Characters |
Characters that passwords cannot contain. |
Toggle the switch to Enabled, then enter the characters you do not want to allow users to include in passwords.
'|' cannot be a rejected character. |
| Reject Username as Password |
Password cannot be the same as username. |
Toggle the switch to Enabled. |
| Restrict Number of Failed Login Attempts |
Number of failed login attempts required to deactivate the account. |
Toggle the switch to Enabled, then enter a number.
The default value for this field is 5. |
| Two Factor Authentication |
Use Two Factor Authentication in the login process. |
Toggle the switch to Enabled. |
IP Address Whitelist
(only available when the Two Factor Authentication check box, described above, is selected)
|
Allow IP addresses that can log in without Two Factor Authentication. |
Select this check box, then click the Save button.
Once this setting has been saved, click the Manage link. This will open the 2FA IP Address Whitelist:
For each IP address, enter the IP Address Pattern, enter a description, then click Add. You can use wildcard symbol * to include a range of IP addresses.
NOTE Wildcards are implemented in a very simple way. Just use one or more asterisks in the pattern. An asterisk will replace 0 or more characters
For example, for the IP address 123.456.789.111 all the following patterns will match:
123.*.789.111
123*
123.*.789.
When you have added all the addresses you want, click Update.
Users can log in from the IP addresses on this list without 2FA, even if the 2FA policy is enabled.
NOTE If the 2FA policy is enabled, users logging in for the first time will still be prompted to set up 2FA even if they're logging in from a whitelisted IP address.
|
| Enable Self-Request Access Links |
Allow users to request an access link to access their backups from any web browser, without the need for interaction from an administrator.
NOTE Because this approach is slightly less secure than requiring users to request an access link from an administrator, we recommend that you consider carefully before enabling this policy.
|
Toggle the switch to Enabled. |
Enable policies
