...

General Security Information

Passwords are required to access ClientSpace and are hashed with one-way encryption. The site uses 2048 SSL encryption. 

When the password is changed, the system records the time and date of this event in the DatePasswordSet field on the User table. The system can then optionally be set to run a scheduled process regularly to check the current date against this field and require the user to reset the password if it exceeds a set threshold.**

Password and account security options are as follows:

  • Minimum password length (default is 7 characters)
  • Password complexity (default is at least two types of characters, i.e., alpha-numeric) - see below
  • Number of failed attempts before account lockout (default is 5 attempts)
  • Lockout duration (default is 30 minutes) 

Additionally, the system can be configured so that ClientSpace sessions time out after a set amount of inactivity using the Session Expiration setting, essentially logging the user out of the system. When this occurs, the user receives a 'Session Expired' message in the browser.

...

About your ClientSpace installation security

**Security configurations are stored in an Install Security table within the database.

To access the configuration through the App Settings interface:

  1. Go to System Admin > Advanced > App Settings.
    The App Settings form opens.
  2. In the Security section, configure the following:
  • PasswordLength: minimum length of a user password.  
  • PasswordComplexity***: This field specifies the minimum level of password complexity allowed. You can require up to 3 levels of complexity with up to 4 options. Levels are 1 Option, 2 Option, 3 Option, and 4 Option. The complexity includes a combination of letters, mixed case, numbers, and special characters. Your application specialist can help you configure the password complexity level. The system then checks each of the complexity options and allows authentication if the password meets the required levels.
  • PasswordResetDays: amount of time in days from the last password reset before a user is forced to change the password (unless 'Password Never Expires' is selected).  
  • LoginAttempts: number of failed login attempts before a user account is locked.  
  • LockoutDuration: amount of time in minutes before a locked user account automatically unlocks. 
  • SessionExpirationMinutes: number of minutes of activity allowed before a session is automatically expired. 

  For help or changes to these configurations, contact your account manager.

***It is important to note that you can require up to 3 levels (of 4 options) of password complexity, which is stored in the Install Security table. The 4 options for password complexity are:

  • Letters required
  • Numbers required
  • Mixed Case (upper and lower) required
  • Special Characters required

Your account manager can help you configure the password complexity level of your installation for up to 3 levels of complexity. The system then checks each of the complexity options and allows authentication if the password meets the required levels.
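
The checks these settings describe, as an added Python sketch that is not ClientSpace code. It assumes a complexity "level" means the number of the four options a password satisfies, that special characters are ASCII punctuation, that the account locks when failed attempts reach LoginAttempts, and a PasswordResetDays of 90 (the page gives no default).

```python
import string
from datetime import datetime, timedelta

# Constructed policy: page defaults, except PasswordResetDays (assumed value).
POLICY = {
    "PasswordLength": 7,        # minimum length
    "PasswordComplexity": 2,    # options required, out of the 4 below
    "PasswordResetDays": 90,    # assumption, not a documented default
    "LoginAttempts": 5,
    "LockoutDuration": 30,      # minutes
}

def complexity_options_met(password):
    """Return which of the four complexity options the password satisfies."""
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    checks = {
        "letters": any(c.isalpha() for c in password),
        "numbers": any(c.isdigit() for c in password),
        # Mixed case always implies letters, so it counts as two options.
        "mixed_case": has_lower and has_upper,
        "special": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in checks.items() if ok]

def password_acceptable(password, policy=POLICY):
    """Minimum length, then at least PasswordComplexity of the 4 options."""
    if len(password) < policy["PasswordLength"]:
        return False
    return len(complexity_options_met(password)) >= policy["PasswordComplexity"]

def reset_required(date_password_set, now, policy=POLICY, never_expires=False):
    """Scheduled check: DatePasswordSet older than PasswordResetDays."""
    if never_expires:  # 'Password Never Expires' selected for the user
        return False
    return now - date_password_set > timedelta(days=policy["PasswordResetDays"])

def is_locked_out(failed_attempts, last_failure, now, policy=POLICY):
    """Locked at LoginAttempts failures until LockoutDuration minutes pass."""
    if failed_attempts < policy["LoginAttempts"]:
        return False
    return now - last_failure < timedelta(minutes=policy["LockoutDuration"])
```

Under these assumptions the default policy (7 characters, 2 options) accepts both `password1` and `Abcdefg`, which is worth weighing when choosing PasswordLength and PasswordComplexity.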


Setting external user inactive days

Administrators can change the number of days of inactivity for external users before a username expires. The recommended default value is 180. Setting the value to zero (0) means that external usernames will not expire.

  1. Go to System Admin > Advanced > App Settings.
    The App Settings form opens.
  2. Locate the setting in the Miscellaneous fieldset: External User Inactive Days.
  3. Change the value if applicable and click Save.

...