The Security tab of the Global Preferences page sets up the items below:

Miscellaneous

 

Setting

Description

Browser Allowed To Remember Passwords

Exprodo SDM is configured so that it allows the user's browser to remember their login name and password (if this facility is enabled by each user's browser). Disable this facility at a global level by setting this to false.

Brute Force Password Hacking

This enables or disables protection against brute force password hacking attempts. This should probably always be enabled. The only potential problem is that the protection works by disabling logins from the IP address being used by the hacker. So if there is a hacker on your own network, this protection could temporarily stop some legitimate users from logging in. This is only ever temporary.

Forgotten Login Names/Passwords

Exprodo SDM is configured to allow users to reset their password automatically if forgotten.

On IP Address Change

Exprodo SDM is configured to force a logout if the user's IP address changes. Set this to "Allow session to span IP Address" to switch this off.

On Password Change

Exprodo SDM is configured to force users to re-login if they change their password.

User Session Timeout In Minutes

The number of minutes before the user's session will time out.

Minimum Login Name

The minimum number of characters a login name must contain.

Auto Refresh Delay

The delay in minutes between refreshes for those pages that support them.

IP Address Stability

A user can specify whether to force a logout when an IP address changes. Some networks are configured to change the apparent IP address used by the browser at a regular interval. Exprodo SDM treats this change in IP address as a likely hack attempt and so automatically logs users out when the same session is used from multiple IP addresses. This can now optionally be disabled for networks that normally have unstable IP addresses.

Password Content

This provides control of the content of passwords that people are allowed to use.

 

Setting

Description

Minimum Password Length

This specifies how many characters must be in each password. A user will not be able to set a password that is shorter than this setting.

Have I Been Pwned Threshold

This specifies how many times a password can have been exposed before it is rejected.

Require lower case characters

Specifies whether passwords must include lower case characters.

Require upper case characters

Specifies whether passwords must include upper case characters.

Require numbers

Specifies whether passwords must include numbers.

Require non-alphanumerics

Specifies whether passwords must include characters that are not numbers or letters.

 

Passwords are prevented from containing identifying information. Specifically, we prevent passwords from containing:

given name, family name, middle name

login name, login identifier

"exprodo", "calpendo"
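
The password content rules above, written out as a validator. This is an added example, not Exprodo SDM's own code: the field names, the case-insensitive substring matching, the "reject once the count reaches the threshold" comparison and the use of the Pwned Passwords range format (lines of SHA-1 suffix and count) are assumptions, and the range response is constructed sample data.

```python
import hashlib
from dataclasses import dataclass
PRODUCT_WORDS = ("exprodo", "calpendo")  # the product names listed on this page

@dataclass
class PasswordPolicy:  # hypothetical field names mirroring the settings table
    min_length: int = 8
    pwned_threshold: int = 1
    require_lower: bool = True
    require_upper: bool = True
    require_digit: bool = True
    require_symbol: bool = True

def pwned_count(password, range_body):
    """Find a password in a Pwned Passwords range response (SUFFIX:COUNT lines)."""
    # Only the first 5 hex characters of the SHA-1 go to the service;
    # the remaining 35 are matched locally against the returned suffixes.
    suffix = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()[5:]
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def sample_range_body(password, count):
    """Constructed sample data: a fake range response listing this password."""
    suffix = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()[5:]
    return f"{'0' * 35}:3\r\n{suffix}:{count}\r\n"

def check_password(password, policy, identity, range_body=""):
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < policy.min_length:
        reasons.append("too short")
    classes = [
        (policy.require_lower, str.islower, "no lower case character"),
        (policy.require_upper, str.isupper, "no upper case character"),
        (policy.require_digit, str.isdigit, "no number"),
        (policy.require_symbol, lambda c: not c.isalnum(), "no non-alphanumeric"),
    ]
    for required, predicate, reason in classes:
        if required and not any(predicate(c) for c in password):
            reasons.append(reason)
    # Assumption: identifying information is matched as a case-insensitive substring.
    for word in list(identity) + list(PRODUCT_WORDS):
        if word and word.lower() in password.lower():
            reasons.append(f"contains '{word.lower()}'")
    # Assumption: reject once the exposure count reaches the threshold (minimum 1).
    if pwned_count(password, range_body) >= max(policy.pwned_threshold, 1):
        reasons.append("exposed in breaches")
    return reasons
```

Pass the user's given, family and middle names plus login name and login identifier as `identity`; empty entries are skipped so that a missing middle name does not match every password.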