Configuring Security

Under Security, you can set the following options:
Session timeout: Log out users after this many minutes of inactivity (1-480 minutes).
Require strong passwords: Require passwords to be at least 8 characters and contain at least one uppercase letter, lowercase letter, number, and symbol.
Password expiration interval: Reset the number of days before a user must change the password (1-720 or blank).
Failed login count: Reset the number of failed logins within Failed login interval that will cause the account to be locked (1-20).
Failed login interval: Number of minutes within which Failed login count results in account being locked (1-60).
Self registration: Determines whether nonusers can create or request user accounts. Choose from the following options:
  • none Not allowed.
  • moderated You must approve the account before it is created. If you allow selfregistration, the moderated setting is recommended for security.
  • unmoderated After a user registers, the user’s account is automatically created.
Note: If users are allowed to selfregister, they see a Request an Account link on the login page. After a user clicks this link and completes the form, you are prompted under Admin > Accounts > Self Registration to Approve, Deny, or Delete the user’s account. You can also perform a status search for new accounts.