This page explains how to manage various account-related policies, focusing on passwords, privacy, audit results, and user account settings.
To configure your account policies, go to Account Management > Account Policies.
By default, Kiuwan enforces a basic password policy (minimum 8 characters, including at least 2 numbers). However, this policy is customizable.
Password strength
You can define password complexity by setting rules that ensure users create strong and secure passwords:
- Minimum password length.
- Minimum number of:
- Uppercase letters
- Lowercase letters
- Digits
- Special characters
Password History
Enforcing the Password History policy sets how often an old password can be reused. You can define the number of previous passwords remembered, discouraging users from reusing previous passwords and preventing them from alternating between several common passwords.
Password expiration (days)
Use the Password Expiration policy to specify how long a password remains valid (in days). Once the password expires, the user is automatically redirected to a Change Your Password page on their next login. To maintain account security, it's important to change your password regularly.
Login attempts
To protect against brute-force or dictionary attacks, you can set a limit on the number of consecutive failed login attempts. Once the threshold is reached, the account is automatically locked.
Do not enforce Password Reset at first login
By default, when Kiuwan generates a new password, for example, when creating a new user, it requires the user to reset their password upon first login. If you select the option Do not enforce Password Reset at first login, users do not require to change the password after the first login.
Scenarios for password creation or reset
New passwords are generated in the following situations:
- When creating a new user.
- When an administrator reset a user's password.
- When a user completes the Forget my password process from the login page.