To edit your user security settings, click the Settings tab, and then click the User Security Settings link.
- Enable Multi-Factor Authentication - Enables an additional security feature that allows users to link their accounts to a third-party device, requiring an additional level of authentication when logging in to a user account. Enabling this setting simply makes the option to use MFA available, and does not automatically require each user to enable it. Read more about enabling multi-factor authentication.
- Inactive Session Timeout (Minutes) - The length of time before an inactive user is logged out of the system. This setting can range anywhere from 15 minutes to 480 minutes (8 hours) based on your acceptable risk tolerance. For increased security, It is recommended to keep this value as short as possible.
- Minimum Password Length - Defines the minimum number of characters (at least 12 characters) the system will allow for a valid password. In general, a longer the password creates a higher amount of entropy, which creates a stronger password. When adjusting this setting, please note that it will only affect new passwords; existing passwords will not be affected until the next time the password is changed.
- User Password Expiration (Days) - Configures the system to expire user passwords after the specified number of days. When enabled, users will be prompted to change their password once the expiration date is reached, and will no longer be able to access the system until the password change is complete. When first enabled, currently logged in users will not be forced to change their password until their next login. Configuring this setting to "0" (zero) will disable this feature.
- Tip: Once this setting is enabled, the ability to filter staff list and contact list by "Users with expired passwords" will become available (Filter drop down).