InsideSales.com
InsideSales.com
InsideSales.com Menu

Advanced Training: Admin

Password Security

To help you protect your security, the InsideSales.com system features a variety of password protection settings. As an administrator, you can choose from a variety of security options such as expiration timelines, complexity requirements, re-use limits, and lockout settings. Users are also given visual feedback to indicate the strength of their passwords.

These features are managed through controls in the Admin tab. Administrators can establish the basic "ground rules" through the settings, and are not authorized to directly change users' passwords themselves. Instead, a password reset system is in place in conjunction with the password security features.

Password Creation Features

Password Strength Meter

Notice the strength meter that evaluates password strength as it is entered on the various password creation pages.


(Password Strength Indicator)
Click to view larger image.

As a password is typed, the strength meter displays one of six designations depending on the complexity of the password. The system bases its rating based on the amount of various types of characters used in the password:

  • Capital letters (Remember: passwords are case-sensitive.)
  • Lowercase letters
  • Numbers
  • Special characters
  • Total characters

Here are the password ratings in order from weakest to strongest:

  • Invalid - Password does not meet the set requirements.
  • Very Weak (Red)
  • Weak (Orange)
  • Moderate (Yellow)
  • Strong (Light Green)
  • Very Strong (Dark Green)

Password Requirements Checklist

Password entry pages also feature a Password Requirements Checklist. This list displays the password requirements and checks them off as a new password is entered:


(Password Requirements Checklist)
Click to view larger image.

These requirements can be set by administrators. See the next section of this document for details.

Password Security Settings

Permission to Access the Security Settings Page

Access to the settings is controlled by permission. By default, this permission may not be enabled, meaning that an admin will have to specifically enable the permission to ever be able to see the tool page.

To activate this permission, go to the Manage Permissions link on theAdministration tab and choose the user profile you'd like to edit. Check the box next to Password Security under the Administrative section, then click Save.

Note that this permissions is to activate the link to visit Password Security Settings page, and not to turn the password security features themselves on and off.

Password Settings Page

Once the view permission for this item is enabled, the link to access the new settings will be under the Company Settings heading as shown below.


(Administrative > Company Settings > Password Security Settings)
Click to view larger image.

Here, administrators can edit various settings regarding the security level of passwords.


(Password Settings Page)
Click to view larger image.

The Password Security Settings page contains the following fields:

  • User Password is Good For
  • New Password History
  • Password Length
  • Password Complexity
  • Maximum Failed Attempts
  • Lockout Period Length

All fields are required. They each have a dropdown selector next to them. The functions of each field and the various drop-down options are described below.

The Save button updates all changes to the settings, and returns the user to the Admin tab. Cancel does not save any changes, and returns the user to the Admin tab.

User Password is Good For

This determines how long a password remains useable before the system forces the user to update upon login.

Dropdown options and their functions:

  • Never Expires - The password remains useable indefinitely and the system never forces the user to create a new one.
  • Monthly - The user is prompted to create a new password every month
  • Quarterly - The user is prompted to create a new password every three months
  • Yearly - The user is prompted to create a new password every year

New Password History

The user is not allowed to create a "new" password that is exactly like the last one. The New Password History option determines how many passwords the system remembers. Any previous passwords contained in this memory are rejected if they are submitted as new passwords.

Dropdown Options:

  • 1 Password Remembered
  • 2 Passwords Remembered
  • 3 Passwords Remembered
  • 4 Passwords Remembered
  • 5 Passwords Remembered

Password Length

This setting determines the minimum character length for passwords.

Dropdown Options:

  • 6 Characters
  • 8 Characters
  • 10 Characters
  • 12 Characters
  • 14 Characters

Password Complexity

This setting determines what types of characters must be included in a password.

Dropdown Options:

  • None - The password does not need to include any particular type of characters (the character length value still applies. This does not mean no password is required).
  • Alphanumeric - The password must contain both numbers and letters.
  • Alphanumeric With Special Characters - The password must contain numbers, letters, and special characters. Available special characters:

      !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /  :  ;  <  =  >  ?  @  [  \  ]  ^  _  `  {  |  }  ~

Maximum Failed Attempts

This option determines how many times a user must get the password wrong before the system locks them out from making any more attempts.

Dropdown Options:

  • No Limit - The system never locks users out for getting the password wrong.
  • 3 - The system locks out any user who enters the password incorrectly 3 times in a row.
  • 10 - The system locks out any user who enters the password incorrectly 10 times in a row.
  • 15 - The system locks out any user who enters the password incorrectly 15 times in a row.

Lockout Period Length

This determines the duration of the lockout period when a user meets the Maximum Failed Attempts defined above.

Dropdown options:

  • 15 Minutes - The user can not attempt login for 15 minutes.
  • 30 Minutes - The user can not attempt login for 30 minutes.
  • 60 Minutes - The user can not attempt login for 60 minutes.
  • Indefinite (Must be reset by Admin) - The user is barred from attempting to log in forever or until the Admin lifts the ban.

Resetting a Locked Out User

To allow a user to log back in after being locked out, an administrator will need to use the password reset function as outlined in the section of this document entitled "Admin Resetting a User's Password." These actions will work regardless of the Lockout Period Length setting.

Save and Cancel

Click Save  to save your work and return to the Admin tab. Click Cancel to leave the page and discard any unsaved work.

Security Settings Update Notice

Security Settings Update Page

Whenever an administrator changes the password settings, users with passwords that no longer meet the requirements will get the following screen immediately after login:


(Recent Password Security Settings Change Notification)
Click to view larger image.

This screen notifies users of the change, alerts them to the new requirements, and prompts them to create a new one.

While they enter their password, the checkbox checks off each requirement as it is met, and the password strength indicator rates the overall password complexity.

Password Reset Page

If you forget your password, you can click the Forgot your password link on the login page, enter your email, and click Send. If the email you entered is valid, you will receive a message with a link to page shown below. Alternatively, admins can send out this email using the process outlined in the section of this document entitled "Admin Resetting a User's Password."


(Password Reset)
Click to view larger image.

If the requirements are met and the Password and Confirm fields match, the Save button confirms the submission and changes the password. The user will then be allowed to log in with their new password.

Admin Resetting a User's Password

The Reset Password button is visible when the user views employee profiles other than his or her own. Pressing this button will bring up the following popup window:


(Manage Users - Reset Password Popup)
Click to view larger image.

If you click Cancel, nothing happens. If you click OK, the system will email the affected user a link which they can use to reset their password.

If you want to temporarily lock down a user's account, you'll need to "delete" the user (render them inactive).

User Resetting Their Own Password

When users view their own profile, the Password Reset button reads Edit Password.

The password entry field will display as shown, including the new password strength display tools.


(Edit Password Page)
Click to view larger image.

Creating a New User

When you or another admin creates a new user, you'll typically input a username, and much of the user's profile info. When you save the profile, you will be given the option to set the user's initial password. When you do so, you'll be given the following window:


(Password - User Initial Setup Overlay)
Click to view larger image.

New passwords must meet all of the requirements outlined in order to be accepted by the system. As a password is entered, the Password Requirements  box will check off each requirement as it is fulfilled. These requirements are set on thePassword Security Settings Page, which is explained in the next section of this document.

A password strength indicator also rates the overall complexity of the password.

Release Notes

Find our most recent release notes.

Forum

Our InsideSales.com community forum is coming soon.

Advanced Training Guides

Advanced training for the Lead Management Platform.

Have questions?

We're happy to help. An InsideSales.com expert is just a phone call away.

(866) 593-2807

Mon-Fri 6-7 MST

Back To Top

© 2004–2014 InsideSales.com, Inc. all rights reserved. Use of the InsideSales.com service and this Web site constitutes acceptance of our Terms of Use and Privacy Policy. InsideSales.com technology is protected by the following United States Patents: 8078605, 8325738, 8352389, 8510382, 8566419.