nmonds

Password Management

Updated: Dec 8, 2021

ChilliDB has a number of password management features that adhere to industry standards, making it a safe and secure system to hold all of your information.


Features include:

  • Locking on password verification failure

  • Forgotten Password processes

  • Forced Resets of Passwords

  • Encryption of passwords

  • Password Policy rules


Password Management Features


Locking on Password Verification Failure

If you have forgotten your password and keep failing to log in, ChilliDB will lock your account for a period of 5 minutes after 5 failed login attempts.



If you keep trying to log in while the account is locked, you will see the countdown reduce each minute to show how long you remain locked out.


When the 5 minutes have passed, the message disappears and the lock is removed, allowing you to try again.
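The lockout behaviour described above, modelled as an added example that is not ChilliDB's own code. The class and function names are hypothetical, and it assumes failures are counted consecutively, a successful login clears the counter, and attempts made during the lock do not extend it.

```python
import math

MAX_FAILURES = 5        # failed attempts before the lock (from the article)
LOCK_SECONDS = 5 * 60   # lock duration in seconds (from the article)


class LockoutTracker:
    """Per-account failed-login lockout (hypothetical, not ChilliDB code)."""

    def __init__(self):
        self._failures = {}      # username -> consecutive failed attempts
        self._locked_until = {}  # username -> time at which the lock ends

    def minutes_remaining(self, user, now):
        """Whole minutes left on the lock, rounded up; 0 when not locked."""
        until = self._locked_until.get(user, 0)
        return max(0, math.ceil((until - now) / 60))

    def attempt(self, user, password_ok, now):
        """Return (allowed, minutes_locked) for one login attempt at `now`."""
        if now < self._locked_until.get(user, 0):
            # Locked: reject without evaluating the password and without
            # extending the lock, so the countdown keeps falling.
            return False, self.minutes_remaining(user, now)
        self._locked_until.pop(user, None)
        if password_ok:
            self._failures.pop(user, None)  # success clears the counter
            return True, 0
        count = self._failures.get(user, 0) + 1
        if count >= MAX_FAILURES:
            self._failures.pop(user, None)
            self._locked_until[user] = now + LOCK_SECONDS
            return False, self.minutes_remaining(user, now)
        self._failures[user] = count
        return False, 0


def replay(events):
    """Run constructed (time, user, password_ok) events; return the outcomes."""
    tracker = LockoutTracker()
    return [tracker.attempt(user, ok, t) for t, user, ok in events]
```

Times are plain seconds passed in by the caller, which keeps the countdown testable without waiting for a real clock.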



Forgotten Password processes

If you have forgotten your password, you can use the Forgotten Password link on the login panel. Just enter your username, then click the Forgotten Password link.



ChilliDB will then ask for the Secret Answers to your Secret Questions.



When you provide the correct Answers and a new password, you will be able to click Reset Password to reset your password.


You will then see the standard login prompt and be able to log into ChilliDB using the new password.


If you do not have a Secret Question and Secret Answer defined, then ChilliDB will let you know when you click the Forgotten Password link. To recover your password, you will need to have a member of your staff with sufficient permissions to edit User records modify your User record and reset your password. After your administrator has modified your password, you should:

- Change your password - Your administrator may have checked the box to force this when you first log in. If they didn’t, you should do it manually:

o On the home screen, go to Preferences


o Select Change My Password



o Enter your old and new password in the required fields, and then save your changes.



- Configure a Secret Question and Secret Answer so that you can use the Forgotten Password link.

o On the home screen, go to Preferences


o Select Change My Secret Question


o Enter your Secret Question and Secret Answer, then save your changes.


Forced Resets of Passwords

Your administrator can choose to force the reset of any User's password from the User maintenance screen.









Locate and edit the User record, then check the box Force user to change password at next login, and then save your changes.



The next time that user tries to log in, ChilliDB will force them to change their password.


Encryption of passwords

ChilliDB Passwords are stored in an encrypted format using industry best practices. For this reason, if you contact ChilliDB HelpDesk for some activities, they will only be able to reset your password or may ask you to reset your password before they look at your system.


Password Policy

ChilliDB supports a number of rules which can be configured to enforce a sensible Password Policy for your whole system, allowing you to choose from any number of the following rules:

  • History - Password must not match the previous X passwords used

  • Letter Content - Password must contain at least X letters

  • Lower-Case Letter Content - Password must contain at least X lowercase letters

  • Symbol - Password must contain at least X symbol characters

  • Expiry - Password will expire if it is more than X days old


Configuring Password Policy on an established system will have no effect on existing user accounts until either their password expires (if you configure an Expiry policy) or you edit their User record and check the box “Force user to change password at next login”, which will force them to create a password that complies with your policy rules.


Choose System Management from the System menu.











From there, you can choose Manage Password Policy.



This will show you any Rules you have in place at present.


You can add additional Rules by clicking Create in the top right of the screen, then choosing a rule from the Rule drop-down and entering the Rule Value. For example, Rule: History with Rule Value = 5 would mean that ChilliDB passwords must not match the previous 5 passwords.
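How Rule and Rule Value pairs like these can be evaluated, as an added example that is not ChilliDB's own code. The function names, the salted PBKDF2 storage of previous passwords, the work factor and the reading of "symbol" as ASCII punctuation are all assumptions.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

ITERATIONS = 200_000  # illustrative PBKDF2 work factor (assumption)


def hash_password(password, salt=None):
    """Return (salt, digest); the history holds these, never plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def check_policy(password, rules, history=()):
    """Return the names of the configured rules that `password` violates."""
    counts = {
        "Letter Content": sum(c.isalpha() for c in password),
        "Lower-Case Letter Content": sum(c.islower() for c in password),
        # Assumption: "symbol" means an ASCII punctuation character.
        "Symbol": sum(c in string.punctuation for c in password),
    }
    violations = [name for name, n in counts.items() if n < rules.get(name, 0)]
    depth = rules.get("History", 0)
    recent = list(history)[-depth:] if depth else []
    for salt, digest in recent:
        # Re-hash the candidate with each stored salt; constant-time compare.
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            violations.append("History")
            break
    return violations


def needs_new_password(force_flag, last_changed, rules, now):
    """True if the user must choose a new password at next login."""
    days = rules.get("Expiry")
    expired = days is not None and now - last_changed > timedelta(days=days)
    return force_flag or expired


# Constructed configuration and password history, oldest entry first.
RULES = {"History": 2, "Letter Content": 6, "Lower-Case Letter Content": 2,
         "Symbol": 1, "Expiry": 90}
HISTORY = [hash_password(p)
           for p in ("Winter!2019aa", "Spring#2020bb", "Summer$2021cc")]
LAST_CHANGED = datetime(2021, 1, 1)  # constructed date
```

With History set to 2, only the two most recent entries are compared, so the oldest constructed password passes while the second one is rejected.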


Best Practices

  • Do not use the same password for all users you create in ChilliDB.

  • Always force your users to reset their password when you give them one, so that only they know their password.

  • Utilise Password Policy to enforce rules such as Password History, Complexity and Ageing for all ChilliDB users.

  • Remind all users that they should never write down their passwords near their desk or use obvious passwords which are easy to guess. Utilise Password Complexity to enforce this.

  • Be careful of web browsers which remember your passwords or try to automatically log you into ChilliDB, as they can cause many repeated failures and lock a ChilliDB account repeatedly.
