To help you protect your security, the InsideSales.com system features a variety of password protection settings. As an administrator, you can choose from a variety of security options such as expiration timelines, complexity requirements, re-use limits, and lockout settings. Users are also given visual feedback to indicate the strength of their passwords.
These features are managed through controls in the Admin tab. Administrators can establish the basic "ground rules" through the settings, and are not authorized to directly change users' passwords themselves. Instead, a password reset system is in place in conjunction with the password security features.
Here, administrators can edit various settings regarding the security level of passwords.
The Password Security Settings page contains the following fields:
All fields are required. They each have a drop down selector next to them. The functions of each field and the various drop-down options are described below.
The Save button updates all changes to the settings, and returns the user to the Admin tab. Cancel does not save any changes, and returns the user to the Admin tab.
This determines how long a password remains useable before the system forces the user to update upon login.
Drop down options and their functions:
The user is not allowed to create a "new" password that is exactly like the last one. The New Password History option determines how many passwords the system remembers. Any previous passwords contained in this memory are rejected if they are submitted as new passwords.
Drop down Options:
This setting determines the minimum character length for passwords.
Drop down Options:
This setting determines what types of characters must be included in a password.
Drop down Options:
This option determines how many times a user must get the password wrong before the system locks them out from making any more attempts.
Drop down Options:
This determines the duration of the lockout period when a user meets the Maximum Failed Attempts defined above.
Drop down options:
Resetting a Locked Out User
To allow a user to log back in after being locked out, an administrator will need to use the password reset function as outlined in the section of this document entitled "Admin Resetting a User's Password." These actions will work regardless of the Lockout Period Length setting.
Click Save to save your work and return to the Admin tab. Click Cancel to leave the page and discard any unsaved work.
Notice the strength meter that evaluates password strength as it is entered on the various password creation pages.
As a password is typed, the strength meter displays one of six designations depending on the complexity of the password. The system bases its rating based on the amount of various types of characters used in the password:
Here are the password ratings in order from weakest to strongest:
Password entry pages also feature a Password Requirements Checklist. This list displays the password requirements and checks them off as a new password is entered.
These requirements can be set by administrators. See the next section of this document for details.
Whenever an administrator changes the password settings, users with passwords that no longer meet the requirements will get the following screen immediately after login:
This screen notifies users of the change, alerts them to the new requirements, and prompts them to create a new one.
While they enter their password, the checkbox checks off each requirement as it is met, and the password strength indicator rates the overall password complexity.
If you forget your password, you can click the Forgot your password link on the login page, enter your email, and click Send. If the email you entered is valid, you will receive a message with a link to page shown below. Alternatively, admins can send out this email using the process outlined in the section of this document entitled "Admin Resetting a User's Password."
If the requirements are met and the Password and Confirm fields match, the Save button confirms the submission and changes the password. The user will then be allowed to log in with their new password.
The Reset Password button is visible when the user views employee profiles other than his or her own. Pressing this button will bring up the following popup window to confirm the reset of the user password.
If you click Cancel, nothing happens. If you click OK, the system will email the affected user a link which they can use to reset their password.
If you want to temporarily lock down a user's account, you'll need to "delete" the user (render them inactive).
When users view their own profile, the Password Reset button reads Edit Password.
The password entry field will display as shown, including the new password strength display tools.
When you or another admin creates a new user, you'll typically input a username, and much of the user's profile info. When you save the profile, you will be given the option to set the user's initial password. When you do so, you'll be given the window to create the password.
New passwords must meet all of the requirements outlined in order to be accepted by the system. As a password is entered, the Password Requirements box will check off each requirement as it is fulfilled. These requirements are set on thePassword Security Settings Page, which is explained in the next section of this document.
A password strength indicator also rates the overall complexity of the password.