Managing Password Security
With the introduction of the NDIS Quality Safeguards Framework in July 2019, along with recent changes to Notifiable Data Breaches in Australian Privacy Legislation, improved password security is needed now more than ever.
Several changes have been made to improve password security in SupportAbility v6.13. They are outlined in detail in this article and include the introduction of:
- Minimum password requirements
- The ability to configure 'Password Strength Management' in System Preferences
- Changes to the manner in which Staff Account passwords are set and reset. More information about this can be found in the following articles, linked below for reference:
  - Creating a Staff Account
  - Assisting another Staff Member to log in
Audience: Authorised Representatives, HR Specialist, IT Specialist, Team Leaders, and anyone tasked with creating or updating Staff Accounts and/or troubleshooting login issues.
- In order to update Password Strength Management, Staff require the System Preferences privilege
Minimum Password requirements
From the upgrade to v6.13, SupportAbility will enforce a minimum set of password requirements:
- Passwords must not be the same as your username
- Passwords must be at least 6 characters in length
If a Staff Member does not have a password that matches these minimum requirements, they will be prompted to update their password to ensure that it does:
Password Strength Management
In addition to these default minimum password requirements, organisations can establish their own minimum requirements by activating the new 'Password Strength Management' setting in System Preferences. Once activated, this allows you to specify which characters Staff passwords must include.
To activate this, select the 'Password Strength Management' checkbox:
Once activated, the Minimum Password Length can be configured, e.g. 12 (recommended), and you can specify which characteristics each Staff Member's password must contain, e.g. at least 1 of the following: Lower Case Letter, Number, and Special Character:
When a stronger set of requirements is configured, an amber message is displayed to indicate that, once this is saved, Staff Members whose passwords do not meet these requirements will be forced to update their password upon the next log in. For example:
Once Staff have entered a password that meets these requirements, a 'Password successfully updated' message will appear:
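The two tiers of checks described in this article can be sketched as follows. This is an added example, not SupportAbility's own code: `StrengthPolicy`, `unmet_requirements` and `must_update_at_login` are hypothetical names, and the case-insensitive username comparison and the definition of a special character are assumptions.

```python
import re
from dataclasses import dataclass

# Characteristics named in the article. Assumption: "Special Character" means
# anything that is not an ASCII letter or digit.
CLASSES = {
    "Lower Case Letter": re.compile(r"[a-z]"),
    "Number": re.compile(r"[0-9]"),
    "Special Character": re.compile(r"[^A-Za-z0-9]"),
}

@dataclass(frozen=True)
class StrengthPolicy:
    """Hypothetical model of the 'Password Strength Management' settings."""
    min_length: int = 12
    required: tuple = ("Lower Case Letter", "Number", "Special Character")

def unmet_requirements(username, password, policy=None):
    """Return the requirements a password fails; an empty list means it passes."""
    failures = []
    # Default minimums, enforced whether or not a policy is activated.
    # Assumption: the username comparison ignores letter case.
    if password.casefold() == username.casefold():
        failures.append("must not be the same as the username")
    min_length = max(6, policy.min_length) if policy is not None else 6
    if len(password) < min_length:
        failures.append(f"must be at least {min_length} characters")
    if policy is not None:
        # Read here as: at least 1 character from each selected characteristic.
        for name in policy.required:
            if not CLASSES[name].search(password):
                failures.append(f"must contain at least 1 {name}")
    return failures

def must_update_at_login(username, password, policy=None):
    """Decide at log in whether the Staff Member is forced to update.
    Assumption: stored passwords are hashed, so an existing password can only
    be compared against a changed policy when it is typed in again."""
    return bool(unmet_requirements(username, password, policy))

if __name__ == "__main__":
    strong = StrengthPolicy()
    # Constructed sample accounts, not real data.
    for user, pw in [("jsmith", "JSmith"), ("jsmith", "summer"),
                     ("jsmith", "correct-horse-42")]:
        print(user, repr(pw), "| default:", unmet_requirements(user, pw),
              "| strong:", unmet_requirements(user, pw, strong))
```

A password such as `summer` passes the default minimums but fails the stronger configuration, which is the case the amber message warns about.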