Security Module Configuration Variables

Jun 8, 2015 12:06 pm

With the enhanced security updated in V 10 of Freedom, I have a few questions.
Is there a place in Green where the security requirements can be configured?
By default, I believe that passwords need to be 8 character minimum with One CAP letter and One Number. Can that requirement be changed?
Also if a person attempts too many logins they are locked out for a period of time. How many logins before a lockout? What is the duration of the lockout? Can those settings be changed?
Are there other security enhancements we should be aware of?

Jun 9, 2015 10:49 am

Hello Paul,

The following security enhancements were made to Freedom:
1. Green security users must now have a password which contains One Capital, One Lowercase and One Numeric character as well as being at least 8 characters long. This is not a configurable option.
2. If a person attempts to log in incorrectly 5 times within 5 minutes they are locked out for a 5 minute period (until all of their incorrect logins clear out.) At this time they will be able to attempt to log in again. When a user is locked out Freedom automatically sends an email to the email account connected to the security user. This will allow users to see if someone else has been attempting to access their account. This is not a configurable option.
3. We have added integration with Google Authenticator for users who wish to enable two factor authentication on their site. It can be enabled within Green > Configuration, once turned on all security users will be required to use two step authentication. Their initial seed key will be emailed to them upon enabling of the configuration setting in order to allow them access to the site.