Set password policies

An administrator is responsible for setting password policies for all Ion Reporter™ Software users. The software allows for strong password authentication (combination of numbers and letters and special characters), and requires password rotation every 90 days.

This feature is available in Ion Reporter™ Server and not available in Ion Reporter™ Software on Connect.

This feature allows you to meet Title 21 CFR Part 11 of Federal Regulations that establishes the United States Food and Drug Administration regulations on electronic records and signatures, password policies, and user activity auditing.

  1. In the Admin tab, click Policies.
  2. In the Password Policy section, specify the password policy values and selections for all Ion Reporter™ Software users.

    Password policy

    Description

    Default value

    Password Length

    The password must contain a minimum of 6 characters and must not exceed 50 characters.

    6 characters

    Password Age (Day(s))

    The number of days that a password is valid. The value used for this policy must not exceed 365 days.

    90 days

    Number of Passwords Remembered

    A password must not be identical to any of the previous passwords that is set with this policy. By default, the password cannot be identical to any of the previous 5 passwords.

    5

    User Suspension Period (Minutes)

    The amount of time that elapses after the configured Number of failed login attempts. The suspension period must be a non-zero value.

    1 minute

    Number of failed login attempts

    The number of failed sign-in attempts must be in the range of 1 to 5.

    5

    Within (Minutes)

    The number of minutes within which multiple failed sign-in attempts will result in a lockout of the account. The value for this time must be within the range of 1 to 30 minutes.

    5 minutes

    Characters allowed in password

    Requirement for passwords to include a variety of types of characters. Select one or more of the following options:

    • At least one number

    • At least one uppercase character

    • At least one lowercase number

    • At least one special character

    All 4 options are selected

    Password Expiry Notification (Day(s))

    The number of days ahead of password expiration that users will be notified about an upcoming password expiration. This value must be within the range of 1 day to 90 days.

    Users will be notified of an upcoming password expiration with an email notification, and with an alert message displayed in the software.

    8 days

    Repeated characters restriction

    Requirements for passwords that avoid the use of repeated characters. Select one of the following options:

    • The same characters can be repeated in a password

    • The same character cannot be repeated in a password

    • The same character cannot be used consecutively in a password

    The same characters can be repeated in a password

  3. Click Save.