Creating Account Security

Creating an account security profile enables end-users to control administrative accounts to better manage admin accounts, passwords, login, and DoS prevention.

  1. Go to Administration > Admins and Roles.
  2. Select the Account Security tab.
  3. Click Create.
    The Create Account Security page appears.
    Figure 1. Creating Account Security
  4. Configure the following:
    • Name: Type the name of the security profile that you want to create.
    • Description: Provide a short description for the profile.
    • Account Lockout: You can configure the security profile to lock the account based on the duration of the session or number of failed attempts to access the account. Provide the values as necessary. Ensure you select the check-box against Lock account for (minutes) after in order to enable the feature.
    • Password Expiration: Select this check-box and type the number of days for which the account's password will be valid. After the configured number of days, the password will expire and render the account inaccessible. You must change the password before the expiration day to have continued access to the account. By default, the password is valid for a period of 90 days. It can be configured for validity from a minimum of 1 day, to a maximum of 365 days.
      If your password has expired, you will be prompted to change or reset your password as soon as you login. Reset the password as shown in the figure.
      Figure 2. Resetting the old password
    • Password Reuse: Selecting this check-box prevents the reuse of passwords. By default, the value is 4 (last 4 passwords cannot be reused).
    • Click OK.
    From Global Security, you can select the check-box to enable Captcha for Login. The captcha feature provides additional security to ensure a human is signing into the account, and not a robot. If this feature is enabled; when you login to the web interface, the captcha characters are displayed in the login page as shown.
    Figure 3. Captcha enabled in the login page
    Type the characters as shown in the captcha picture and login. The characters in the captcha image are case sensitive and can be refreshed if not clear.
    Attention:

    Copyright (c) 2008, James Childers All rights reserved.

    BSD License Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
    • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
    • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
    • Neither the name of SimpleCaptcha nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  5. Click OK to submit the security profile/form.
    The newly created profile is added under the Account Security section.

You have created the account security profile.

Note: You can also edit and delete the profile by selecting the options Configure and Delete respectively, from the Administrator tab.