Managing Password Security
Improved password security continues to be a vital consideration in the management of sensitive data. This was evidenced by the introduction of the NDIS Quality Safeguards Framework in July 2019, along with changes to Notifiable Data Breaches in Australian Privacy Legislation.
In response to this, SupportAbility implemented the following functionality to enhance how password security is managed:
- Minimum password requirements
- The ability for organisations to strengthen their own minimum password requirements
More information about this can be found in the following articles, linked below for reference:
- Creating a Staff Account
- Assisting another Staff Member to log in
Privileges: Staff require the 'Edit System Preferences' privilege in order to update 'Password Strength Management'.
Audience: Authorised Representatives, HR Specialist, IT Specialist, Team Leaders, and anyone tasked with creating or updating Staff Accounts and/or troubleshooting login issues.
Minimum password requirements
SupportAbility enforces a minimum set of password requirements as outlined below:
- The password cannot be the same as the Username
- It must be at least 8 characters long
- It must include at least two of the following:
  - Upper-Case Letter (Default)
  - Lower-Case Letter (Default)
  - Number
  - Special Character
These minimum password requirements are displayed on the Settings tab of System Preferences:
And when a Password Reset is triggered:
Configuring enhanced minimum password requirements
In addition to these default minimum password requirements, organisations can add further requirements:
- Increase the minimum password length requirement up to 16 characters
- Require a number
- Require a special character
These additional requirements can be configured in the Password Settings section on the Settings tab in System Preferences:
To make changes to the minimum password length or character type requirements, select the desired password length from the dropdown list or select the respective checkbox(es) and then select 'Save Preference Set' to lock in the changes.
In the example below, the minimum password length has been increased from 8 to 10, and the inclusion of a number is also now required.
When the Password Settings have been changed, an amber message appears at the bottom to advise that Staff whose passwords do not meet these new requirements will be required to update their password when they next log in.
The prompt that Staff receive to update their password when logging in will clearly outline the new requirements.
In this example, the prompt shows that the password must be at least 10 characters long and must now include a number as well as an upper-case and a lower-case letter:
Once Staff have entered a password that meets these requirements, a 'Password successfully updated' message will appear:
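The default and enhanced requirements described in this article can be expressed as a small checker that lists every rule a candidate password fails. This is an added example, not SupportAbility's own code. It reads "at least two of the following" as any two of the four character types, and the field names, the definition of a special character and the case-insensitive username comparison are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    # Hypothetical field names; the values mirror the settings in the article.
    min_length: int = 8           # default minimum, configurable up to 16
    require_number: bool = False
    require_special: bool = False

    def __post_init__(self):
        if not 8 <= self.min_length <= 16:
            raise ValueError("min_length must be between 8 and 16")


def character_classes(password):
    """Return which of the four character types the password contains."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("number")
        elif not ch.isalnum():
            classes.add("special")  # assumption: any non-alphanumeric character
    return classes


def unmet_requirements(username, password, policy):
    """Return every requirement the password fails; an empty list means it passes."""
    problems = []
    if password.casefold() == username.casefold():  # assumption: case is ignored
        problems.append("must not be the same as the username")
    if len(password) < policy.min_length:
        problems.append(f"must be at least {policy.min_length} characters long")
    classes = character_classes(password)
    if len(classes) < 2:
        problems.append("must include at least two character types")
    if policy.require_number and "number" not in classes:
        problems.append("must include a number")
    if policy.require_special and "special" not in classes:
        problems.append("must include a special character")
    return problems


DEFAULT = PasswordPolicy()
ENHANCED = PasswordPolicy(min_length=10, require_number=True)  # the article's example
```

A password such as the constructed sample `Sunflower` passes the default policy but fails the enhanced one on both length and the number requirement, which is the situation in which Staff are prompted to update their password at next login.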