Tab Security

 
Security tab of System settings window in Astrow Web
 
Use password policy: If YES, the application applies the password policy. If NO, the application does not apply any password policy.
 
Password expires after X days (0 means never): Here you can set the number of days after creation at which a password expires, if you use the password policy. Keep the default 0 if you don't.
 
Max. number of passwords keep in history: Set here the number of previous passwords to keep in history if you use a password policy. If this parameter is set, you cannot reuse any of the last X passwords kept in history when changing your password in accordance with the policy.
 
Minimum password strength: The parameter refers to the password strength. If set to Weak, the policy will accept a password with at least 6 digits or letters. If Good, the password should contain at least 7 different letters/digits, 1 special character and 1 capital letter. If Strong, the password must contain at least 9 different letters/digits and a combination of 4 different special characters and capital letters.
 
For detailed explanations about password policy, see Password Policy.
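The three Minimum password strength tiers described above can be pre-checked outside the application, for example when auditing a proposed password against the configured minimum. The following Python is an added example, not Astrow code. It assumes that "different" means distinct case-sensitive characters, that a special character is anything that is neither a letter, a digit nor whitespace, and that Strong needs at least one special character and one capital letter with 4 distinct ones between them. The function names and the sample passwords are constructed for illustration.

```python
"""Classify a password against the Weak/Good/Strong tiers described above."""

TIERS = ("Weak", "Good", "Strong")  # weakest first; order is used for comparison


def profile(password: str) -> dict:
    """Count the character classes the tier descriptions refer to."""
    alnum = [c for c in password if c.isalnum()]
    specials = {c for c in password if not c.isalnum() and not c.isspace()}
    capitals = {c for c in password if c.isupper()}
    return {
        "alnum_total": len(alnum),
        "alnum_distinct": len(set(alnum)),  # case-sensitive (assumption)
        "specials_distinct": len(specials),
        "capitals_distinct": len(capitals),
    }


def classify(password: str):
    """Return the highest tier the password satisfies, or None if below Weak."""
    p = profile(password)
    has_both = p["specials_distinct"] >= 1 and p["capitals_distinct"] >= 1
    tier = None
    if p["alnum_total"] >= 6:  # Weak: at least 6 digits or letters
        tier = "Weak"
    if p["alnum_distinct"] >= 7 and has_both:  # Good: 7 distinct + 1 + 1
        tier = "Good"
    # Strong (assumed reading): 9 distinct letters/digits and 4 distinct
    # special characters and capitals in total, with at least one of each.
    combined = p["specials_distinct"] + p["capitals_distinct"]
    if p["alnum_distinct"] >= 9 and has_both and combined >= 4:
        tier = "Strong"
    return tier


def meets_minimum(password: str, minimum: str) -> bool:
    """True if the password reaches the configured minimum tier."""
    tier = classify(password)
    return tier is not None and TIERS.index(tier) >= TIERS.index(minimum)


if __name__ == "__main__":
    # Constructed sample passwords, one per outcome.
    for pw in ("abc12", "aaaaaa", "Summer2024!", "Tr!ckyPa$$w0rd9X"):
        print(f"{pw!r}: {classify(pw)}")
```

Note that a long password with only one capital and one special character stays at Good under this reading, because the Strong tier counts distinct special characters and capitals rather than length.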
 
2 Factor Authentication: The parameter activates a security login option for users also using Astrow Mobile (MSS, ESS, or VT). When logging in to Astrow Web, users will receive a notification in Astrow Mobile to confirm the authentication in Astrow Web. If Always, the confirmation of authentication will be requested each time a user logs in to Astrow Web; if Random, the request will be made arbitrarily.
 
If 2 Factor Authentication is activated (Always or Random), the confirmation will be requested for ALL users, regardless of whether they have Astrow Mobile permissions. Please make sure all Astrow users have Astrow Mobile installed on their mobile phones and have user permissions.
 
Disable account after X failed consecutive logins: Here you can set the number of consecutive failed login attempts after which a user account is deactivated. By default, the parameter is set to 4, meaning that after 4 attempts to log in with a wrong password, the account is suspended (inactive) and can be reactivated only by a user with security permissions.