Password and logon

You can manage passwords and logon settings within the TotalAgility system. See the Kofax TotalAgility Best Practices Guide for more information on some of these options.

Password

Password format

A format that all passwords must adhere to. The password format can be a regular expression or an inline value.

Examples of regular expression for password format:

  • For a password format that requires a minimum of 8 characters with at least 1 uppercase letter, 1 lowercase letter and 1 number, the regular expression is:

    ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$

    Valid password examples: PaSs1234 or pASS1234

  • For a password format that requires a minimum of 8 and a maximum of 10 characters with at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character, the regular expression is:

    ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@!%*?&])[A-Za-z\d$@!%*?&]{8,10}$

    Valid password examples: PaSs@123 or pASS@123
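To check candidate passwords against the two formats above before rolling them out, here is a small Python checker (added example, not part of the TotalAgility product or documentation). It assumes IsMatch-style matching, where the pattern must carry its own anchors, and also shows why the closing `$` matters: without it the 10-character maximum is not enforced.

```python
import re

# Password-format patterns as documented above.
# PATTERN_ALNUM: at least 8 characters, one lowercase, one uppercase, one digit.
PATTERN_ALNUM = r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$"
# PATTERN_SPECIAL: 8 to 10 characters, additionally one of the listed specials.
PATTERN_SPECIAL = (
    r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@!%*?&])[A-Za-z\d$@!%*?&]{8,10}$"
)
# The same pattern with the closing anchor dropped, to show the effect.
PATTERN_SPECIAL_UNANCHORED = PATTERN_SPECIAL.rstrip("$")


def matches_format(password: str, pattern: str) -> bool:
    """Return True if the password satisfies the configured format.

    re.search is used rather than re.fullmatch to mimic IsMatch-style
    semantics (assumption): the pattern itself must anchor both ends.
    """
    return re.search(pattern, password) is not None


def check_candidates(candidates, pattern):
    """Map each candidate password to whether it passes the given format."""
    return {pw: matches_format(pw, pattern) for pw in candidates}


# Constructed sample candidates, not values from the documentation.
SAMPLE_CANDIDATES = [
    "PaSs1234",       # alphanumeric format only
    "pASS1234",       # alphanumeric format only (no special character)
    "PaSs@123",       # special-character format only ('@' not allowed by first)
    "PaSs@1234567",   # 12 characters: too long for the 8-10 format
    "Password",       # no digit: fails both
]

if __name__ == "__main__":
    for name, pat in (("alnum", PATTERN_ALNUM),
                      ("special", PATTERN_SPECIAL),
                      ("special, no $", PATTERN_SPECIAL_UNANCHORED)):
        print(name, check_candidates(SAMPLE_CANDIDATES, pat))
```

The unanchored variant accepts the 12-character candidate, so always keep the `$` when you set a maximum length.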

Password hashing algorithm

Used to verify the integrity of passwords. It includes two settings:

  • SHA-1: Cryptographic hash algorithm (default setting for upgrades).

  • Scrypt: Password-based key derivation function (default setting for clean installation).

If you change the password hashing algorithm, all existing user passwords become invalid on saving the changes. Therefore, you must specify the default password, and also specify if the password must be updated for all users or only for the current user.

  • Default password: Specify the default password. Once you save the settings, passwords for resources get updated to the default password.

  • Update password: Specify if the password must be updated for all users or only for the current user:

    • All users: Updates all users with the new password. Users can log on once with that password, but are forced to change it on their next successful logon.

    • Current user only: Updates only your own (current user) password. If you select to update the password for the current user only, ensure that the other users' passwords are changed manually; otherwise, they cannot log on with their old passwords.

Disable logon without password

In TotalAgility on-premise, when this option is enabled, an unauthorized user who invokes any of the Logon SDK methods to acquire a session ID receives a message instead of a session.

Note: This setting is not available for TotalAgility running in On-premise multi-tenant and Azure environments.

Reset password notification process

Use a process (default: SYSTEM Reset Password) to reset the password when a user forgets it and requests a reset. You can also force all users to change their password on the next logon, for example after a security breach or a change in the password format.

Logon

Allow multiple user logons

This option allows multiple logons using the same session. For example, you can log on to both TotalAgility Designer and TotalAgility Workspace, or use multiple browser windows in the same session to log on to Kofax TotalAgility Workspace.

Logon state forms

You can associate a form with a logon state to help the form designer know which form to display next. By default, each state uses a specific form. For example, the AwaitingChangePassword state uses the ChangePassword.form form.
Account lockout policy

An account is locked if the unsuccessful logon attempt threshold is exceeded. The account lockout policy disables a user account if the user enters an incorrect password a specified number of times within a specified time. The lockout prevents attackers from guessing users' passwords and decreases the likelihood of successful attacks on your network. You can define an account lockout duration. Alternatively, an administrator can manually lock and unlock accounts.

  • Maximum number of logon attempts: The number of failed logon attempts after which a user account is locked. A locked-out account can only be used again if it is reset by an administrator or if the lockout duration for the account has expired. You can set the number of failed logon attempts to a value between 0 and 999. A value of 0 indicates that the account cannot be locked. (Default: 5)

  • Account lockout duration: The number of minutes an account remains locked before it is automatically unlocked. The account lockout duration can range from 0 minutes through 99,999 minutes. A value of 0 indicates that the account remains locked out until an administrator explicitly unlocks it. (Default: 30 minutes)