The Security tab of the Global Preferences page sets up the items below:
Miscellaneous
Setting |
Description |
---|---|
Calpendo is configured so that it allows the user's browser to remember their login name and password (if this facility is enabled by each user's browser). Disable this facility at a global level by setting this to false. |
|
This enables or disables protection against brute force password hacking attempts. This should probably always be enabled. The only potential problem with this is that the protection involves disabling logging in from the IP address being used by the hacker. So if there is a hacker on your own network, it's possible that this protection could stop some legitimate users logging in temporarily. This is only ever temporary |
|
Calpendo is configured to allow users to reset their password automatically if forgotton. |
|
Calpendo is configured to force a logout if the users IP address changes. Set to Allow session to span IP Address to switch this off. |
|
On Password Change |
Calpendo is configured to force users to re-login if they change their password. |
User Session Timeout In Minutes |
The number of minutes before the users session will timeout. |
Minimum Login Name |
The minimum number of charcters a login name is allowed to be. |
Auto Refresh Delay |
The delay in minutes between refreshes for those pages that support them. |
IP Address Stability
A user can specify whether to force a logout when an IP address changes. Some networks are configured to change the apparent IP address used by the browser at a regular interval. This change in IP address is treated in Calpendo as a likely hack attempt and so automatically logs users out when the same session is used from multiple IP addresses. This can now optionally be disabled for networks that normally have unstable IP addresses.
Password Content
This provides control of the content of passwords that people are allowed to use.
Setting |
Description |
---|---|
Minimum Password Length |
This specifies how many characters must be in each password. A user will not be able to set a password that is shorter than this setting. |
Have a Been Pwned Threshold. |
This specifies the threshold of how many times the password has been exposed before rejection. |
Require lower case characters |
Specifies whether passwords must include lower case characters. |
Require upper case characters |
Specifies whether passwords must include upper case characters. |
Require numbers |
Specifies whether passwords must include numbers. |
Require non-alphanumerics |
Specifies whether passwords must include characters that are not numbers or letters. |
Passwords are prevented from containing identifying information. Specifically, we prevent passwords from containing:
•given name, family name, middle name
•login name, login identifier
•"exprodo", "calpendo"