1. Password Policy Configuration Overview

Within InvestGlass, you can set detailed rules that govern how passwords are created, stored, and used. These rules ensure robust account security by enforcing best practices such as strong passwords, time‑based lockouts, and multi‑factor authentication (2FA). This page can be restricted to Administrator roles. If you do not have access, contact your team leader.

2. Key Policy Settings

  1. User Session Timeout

    • Specifies how long a user session remains active before automatic logout (e.g., 8 hours).
    • Reduces the risk of unauthorised access if a user leaves their computer unattended.
  2. Enforce Password History

    • Determines the number of previous passwords the system remembers, preventing users from reusing old passwords too frequently.
  3. Minimum Password Length

    • Sets the shortest allowable password length (e.g., 6 characters).
    • Increasing this length improves security but may impact user convenience.
  4. Password Complexity Requirement

    • Requires certain character types (e.g., uppercase, lowercase, numbers, special characters).
    • Ensures stronger, less guessable passwords.
  5. Password Question Requirement

    • Optionally enforces security questions for password reset or login verification.
    • Provides an extra layer of identity confirmation.
  6. Maximum Invalid Login Attempts

    • Limits how many failed login attempts a user can make before the account is locked.
    • Helps deter brute‑force attacks.
  7. Lockout Effective Period

    • Determines how long the lockout lasts once the maximum invalid attempts threshold is met (e.g., 6 hours).
    • Prevents quick, repeated brute‑force attempts over a short time window.
  8. Password Lifetime

    • Sets the maximum time a password can be used before a user must change it (e.g., “None Specified” or “90 days”).
    • Encourages routine password updates for better security.
  9. Maximum Invalid SMS Login Attempts

    • Similar to “Maximum Invalid Login Attempts,” but for users receiving SMS codes.
    • Useful when using two‑factor authentication (2FA) via text messages.
  10. Maximum Consecutive Lockout Attempts

    • If users repeatedly hit lockouts (even after waiting for the lockout period), you can define a threshold that triggers additional security measures.
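As an added illustration (not InvestGlass code), the Python below models how the lockout settings and the password-change settings listed above interact: a failed-attempt counter that starts a lockout window, a consecutive-lockout threshold that raises a flag, and a new-password check against length, complexity and history. The setting values, the `needs_review` flag and all function names are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import hashlib

@dataclass
class PasswordPolicy:               # constructed values for the settings listed above
    enforce_password_history: int = 5         # previous passwords remembered
    minimum_password_length: int = 8
    password_complexity: bool = True          # upper, lower, digit and special required
    max_invalid_login_attempts: int = 5
    lockout_effective_period: timedelta = timedelta(hours=6)
    max_consecutive_lockouts: int = 3         # then escalate (the flag below is hypothetical)

@dataclass
class AccountState:
    password_history: list[str] = field(default_factory=list)  # digests, oldest first
    failed_attempts: int = 0
    locked_until: datetime | None = None
    consecutive_lockouts: int = 0             # would be cleared by a genuine login (not shown)
    needs_review: bool = False                # "additional security measures" triggered

def password_digest(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()  # demo only; production uses a salted slow hash

def password_violations(policy: PasswordPolicy, candidate: str, state: AccountState) -> list[str]:
    problems = []                             # empty result means the new password is accepted
    if len(candidate) < policy.minimum_password_length:
        problems.append("too_short")
    kinds = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    if policy.password_complexity and not all(any(k(c) for c in candidate) for k in kinds):
        problems.append("complexity")
    remembered = state.password_history[-policy.enforce_password_history:]  # note: [-0:] is everything
    if policy.enforce_password_history and password_digest(candidate) in remembered:
        problems.append("reused")
    return problems

def record_failed_login(policy: PasswordPolicy, state: AccountState, now: datetime) -> str:
    if state.locked_until and now < state.locked_until:
        return "locked"                       # attempts during the lockout window are not counted
    state.failed_attempts += 1
    if state.failed_attempts < policy.max_invalid_login_attempts:
        return "failed"
    state.failed_attempts = 0                 # threshold reached: start a lockout window
    state.locked_until = now + policy.lockout_effective_period
    state.consecutive_lockouts += 1
    if state.consecutive_lockouts >= policy.max_consecutive_lockouts:
        state.needs_review = True             # repeated lockouts even after waiting them out
    return "locked"
```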

3. Multi‑Factor Authentication (2FA)

  1. Member – Two Factor Authentication (2FA)

    • Choose how internal members (employees) receive their 2FA codes:
      • Email, SMS, or Authentication App.
    • Press Reset to disable or reset 2FA for specific members if needed.
  2. Client Portal Member – Two Factor Authentication (2FA)

    • Configure 2FA methods specifically for client portal users—separate from internal user settings.
    • Email, SMS, or an authenticator app can be enforced based on your compliance needs.
  3. Show Password Eye

    • Toggles whether users see the “eye” icon that reveals their typed password for easier verification during entry.
  4. Select Field for Email / Select Field for SMS

    • Specifies which CRM field InvestGlass uses to send emails or SMS for 2FA or password resets (e.g., “Email” and “Phone Mobile”).

4. Password Recovery & Account Lockout Assistance

Email – Forgot Password / Locked Account Assistance

  • You can customise the email that users receive when they need to reset a forgotten password or unlock a locked account.
  • Compose your own text in the Email body message area to match your company’s tone, including helpful instructions or links to support resources.

5. Best Practices

  1. Use Strong Minimum Requirements

    • A minimum length of 8‑12 characters, including uppercase, lowercase, numeric and special characters, is recommended.
  2. Enforce Regular Changes

    • Encourage users to update passwords every 60‑90 days, or as mandated by compliance.
  3. Implement 2FA

    • Two Factor Authentication adds a significant layer of security.
    • Choosing SMS or an authenticator app can protect against many common attacks.
  4. Monitor Lockouts

    • If you see repeated lockout attempts in logs, investigate potential unauthorised access attempts.
  5. Clear User Communications

    • Customise password reset emails so users understand how to safely reset their password, and can recognise official messages versus phishing attempts.

2FA application

When you select this option, you can choose, for the first login, which fields will be used to send the first 2FA code. 2FA is enforced at first login.