NOTE: Article content is intended for those on iMIS 2017 (20.2.65). The rules have been updated for those on iMIS EMS (20.3). See the iMIS EMS help site for details.
Security for all of our hosted clients is very important at ASI. We continue to roll out security policies that comply with industry standards. Recently, these policies have become even stricter to ensure your privacy is protected.
Security Tips
Familiarize yourself with the current security policies that are enforced by ASI.
Frequently, users end up getting locked out of their environment. One simple way to avoid this is to log out after each session, or at least once a day. This allows your password-expiration reminders to be displayed to your users beginning 14 days before an account is set to expire. You will receive a reminder each time you log in with a fresh session. If you remain logged in on a session and only close the session window without first logging out, you will never be prompted to change your password. It is very important to completely log out of each environment daily.
Recommended Password Security Practices
The following is a list of recommended practices to follow for enhanced password security:
- Enforce Password History: This sets the frequency by which old passwords can be reused.With this policy, you can discourage users from alternating between several common passwords.
ASI sets this value at 4. A password cannot be reused until the password has cycled through four password changes. - Maximum Password Age: This determines how long users can use a password before they must change it. The aim is to force users to change their passwords periodically. Generally, you specify a shorter period when security is very important and a longer period when security is less important.
- ASI sets this value at 90 days.
- ASI sets this value at 90 days.
- Minimum Password Length: This sets the minimum number of characters for a password. For security reasons you’ll generally want passwords of at least eight characters, as long passwords are usually more difficult to crack than short passwords. For greater security, set the minimum password length to 14 characters.
- ASI sets this value at eight characters.
- ASI sets this value at eight characters.
- Passwords Must Meet Complexity Requirements: Beyond the basic password and account policies, newer Microsoft Operating Systems include facilities for creating additional password controls. These facilities enforce the use of secure passwords under the following guidelines:
- Passwords must contain at least six characters.
- Passwords cannot contain the user name or parts of the user’s full name, such as a first name.
- Passwords must use at least three of the four available character types: lowercase letters, uppercase letters, numbers, and symbols.
ASI enables this value by default.
0 Comments