LOGIN SECURITY

Users can customize the Login password complexity to match their Corporate IT Policy. Also, users can define lockout rules for incorrect login attempts. Also, users can recover their forgotten Centric 8 passwords without having to contact their Administrator.

Password Complexity Rules

Users with Administrator rights can configure certain policy to be followed while creating the login password, so that the user passwords are protected from possible security threats.

The Login password security policies can be configured through the Security section present on the Setup > Company > Company Defaults tab.

The Login password policy can be configured using the following attributes present in the Security section of the Company Defaults tab:

• Password Minimum Length and Password Maximum Length: The login password length limit can be set between 5 and 80 characters.

• Password Requires a Lower Case Letter, Password Requires an Upper Case Letter, Password requires a Number, Password Requires a special Character: Users can define whether the login password must contain at least one character from  the following four categories by selecting the corresponding check box:

• Upper case characters (A through Z)

• Lowercase characters (a through z)

• Base 10 digits (0 to 9)

• Special characters (!, @, #, and $)

Lockout Policy

Lockout policy controls how and when user accounts are locked out of the centric 8 system. This policy protects the user accounts from unauthorized users. The lockout policy can be configured through the Setup > Company > Company Defaults tab.

If a user log on multiple times to the Centric 8 system with an incorrect password, then the Centric 8 system locks the related user account. The user account can be locked out for a definite or indefinite duration based on the Lockout policy set by the Administrator.

The Lockout policy can be configured using the following six attributes present in the Security section of Company Defaults tab.

• Lockout Reactivation Mode: If the Lockout Reactivation Mode is set to Automatic, then an error message will be displayed with the lockout duration. The related user account will be unlocked automatically after the lockout duration and then the user can log on to the application with correct user name and password. If it is set to Manual, then the related user account will be locked permanently without any lockout duration. The user has to wait till the Administrator unlocks the related user account manually.

• Number of Login Attempts: Users can specify the number of login attempts after which the user account should be locked.

• Lockout Time (minutes): Users can specify the lockout duration, in minutes.

• Enable Password Expiration: Users can select this check box to turn on the password expiration process automatically. After the selection of this check box, the Password Expiration Period (months) field is displayed. After the password expiration date, it is mandatory for users to change the existing password. While changing the existing password, the new password must not be the same as the existing password.

• Password Expiration Period (months): The default value is 6. Allowable values are between 1 and 120.

• Password Reset Email Expiration (minutes): The default value is 15. An Administrator can configure this value according to the Company policy.

Forgot Password

Users can create a new password if they have forgot the existing Centric 8 user password. A Forgot Password link is provided under the Login button in the Centric 8 Welcome page.