Managing Password Security
Improved password security continues to be a vital consideration in the management of sensitive data. This was evidenced by the introduction of the NDIS Quality Safeguards Framework in July 2019, along with changes to Notifiable Data Breaches in Australian Privacy Legislation.
In response to this, SupportAbility implemented the following functionality to enhance how password security is managed:
- Minimum password requirements
- The ability for organisations to configure their own 'Password Strength Management'
- Specific functionality for managing how Staff Account passwords are set and reset.
More information about this can be found in the following articles, linked below for reference:
- Creating a Staff Account
- Assisting another Staff Member to log in
Privileges: Staff require the 'Edit System Preferences' privilege in order to update 'Password Strength Management'.
Audience: Authorised Representatives, HR Specialist, IT Specialist, Team Leaders, and anyone tasked with creating or updating Staff Accounts and/or troubleshooting login issues.
Minimum Password requirements
SupportAbility enforces a minimum set of password requirements:
- Passwords must not be the same as the username
- Passwords must be at least 6 characters in length
If a Staff Member does not have a password that matches these minimum requirements, they will be prompted to update their password to ensure that it does.
Password Strength Management
In addition to these default minimum password requirements, organisations can establish their own minimum requirements by activating the 'Password Strength Management' setting.
To activate this, navigate to the 'Password Settings' area of the 'Authentication' section on the 'Settings' tab in 'System Preferences' and select the 'Password Strength Management' checkbox.
Once activated, further options are displayed, which allow you to configure the following:
- Set the 'Minimum Password Length' required, e.g. 12. Available options range from 6 through to 14 characters.
- Specify which characteristics each Staff Member's password must contain, e.g. at least 1 of the following: Lower Case Letter, Number, and Special Character.
When a stronger set of requirements is configured, an amber message is displayed to indicate that once this is saved, 'Staff Members with passwords that do not meet these requirements, will be forced to update their password when they next log in'.
Once the Password requirements have been set, select 'Save Preference Set' to save the updates.
Once updated, Staff whose Passwords do not meet the new requirements will be prompted to update their password when attempting to log in.
Once Staff have entered a password that meets these requirements, a 'Password successfully updated' message will appear.
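
The sketch below models the rules described in this article so that the effect of a stricter setting can be reasoned about before saving it. It is an added example, not SupportAbility code: the names `PasswordPolicy` and `unmet_requirements`, the definition of 'Special Character' as ASCII punctuation, and the case-insensitive username comparison are all assumptions.

```python
import string
from dataclasses import dataclass

# From the article: baseline minimum is 6; the selectable range is 6 to 14.
BASELINE_MIN_LENGTH, MAX_CONFIGURABLE_LENGTH = 6, 14

# Characteristics named in the article. Treating "Special Character" as ASCII
# punctuation is an assumption; the product's exact set is not documented here.
CLASS_TESTS = {
    "Lower Case Letter": lambda c: c.islower(),
    "Number": lambda c: c.isdigit(),
    "Special Character": lambda c: c in string.punctuation,
}

@dataclass(frozen=True)
class PasswordPolicy:  # hypothetical model of the 'Password Settings' area
    strength_management: bool = False  # the 'Password Strength Management' checkbox
    min_length: int = BASELINE_MIN_LENGTH
    required_classes: tuple = ()

    def __post_init__(self):
        if not BASELINE_MIN_LENGTH <= self.min_length <= MAX_CONFIGURABLE_LENGTH:
            raise ValueError("Minimum Password Length must be between 6 and 14")
        unknown = set(self.required_classes) - set(CLASS_TESTS)
        if unknown:
            raise ValueError(f"unknown characteristic: {sorted(unknown)}")

def unmet_requirements(username, password, policy):
    """Return the requirements the password fails; an empty list means it passes."""
    failures = []
    # Case-insensitive comparison is an assumption (the stricter reading).
    if password.casefold() == username.casefold():
        failures.append("must not be the same as the username")
    # Organisation settings apply only when Password Strength Management is on.
    min_len = policy.min_length if policy.strength_management else BASELINE_MIN_LENGTH
    if len(password) < min_len:
        failures.append(f"must be at least {min_len} characters")
    if policy.strength_management:
        for name in policy.required_classes:
            if not any(CLASS_TESTS[name](c) for c in password):
                failures.append(f"must contain at least 1 {name}")
    return failures

if __name__ == "__main__":
    strict = PasswordPolicy(True, 12, ("Lower Case Letter", "Number", "Special Character"))
    # Constructed sample credentials, for illustration only.
    for user, pw in [("jsmith", "jsmith"), ("jsmith", "summer2019"),
                     ("jsmith", "correct-horse-7 battery")]:
        print(user, repr(pw), unmet_requirements(user, pw, strict) or "OK")
```

A password that satisfied the default rules can fail more than one of the stricter ones at once, which is why a tightened policy can prompt many Staff to update at their next log in.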