Managing passwords and password policies

Contents

Self-service password resets

Users can reset their passwords by clicking on the Forgot password? link on the sign in page. Skytap asks the user to specify their account name and then sends an activation link to the email address on their profile. This enables users to reset their own password without having to involve an administrator.

Account-wide password policy

The Password Policy tab, located on the Security Policies page of the Admin section, allows you to set global password policies for the entire account. This lets you customize password policy based on the security needs of your organization and apply it uniformly to all users. You can change this policy.

Password Policy Page

The Password policy tab consist of a series of menus which determine password creation and login settings.

Password policy options

Policy

Description

Options

User passwords expire in

Determines how often (if ever) user passwords expire. When a password expires, users are redirected to the Change Password page when they next sign in.

When this setting is changed, the change is applied retroactively. Users with passwords older than the set number of days must change their password the next time they sign in.

  • Never expires (default)
  • 30 days
  • 60 days
  • 90 days
  • 180 days
  • 360 days

Passwords that never expire may be a security risk.

Enforce password history

Determines whether or not users can re-use old passwords. If a password is remembered, it cannot be re-used.

  • No passwords remembered (default)
  • 3 passwords remembered
  • 5 passwords remembered

Minimum password length

Minimum character length for new passwords

When this setting is changed, the change is not applied retroactively. The new setting applies to all new passwords.

  • 6 characters (default)
  • 8 characters
  • 10 characters

Maximum invalid login attempts

Determines how many invalid sign-in attempts can be made before a user is temporarily blocked from signing in.

Once a user is locked out due to invalid sign-in attempts, the user must either:

  • Wait until the lockout effective period has expired to try signing in again (for example, 30 minutes)
  • Have an administrator account remove the block by navigating to the locked-out user’s page and clicking the Reset button next to the Failed login attempts box.
  • No limit
  • 3
  • 5 (default)
  • 10

Lockout effective period

Determines how long the user is prevented from signing in after making a certain number of invalid sign-in attempts (as described above).

  • 15 minutes
  • 30 minutes (default)
  • 60 minutes
  • Forever

If the lockout effective period is set to Forever, the lockout must be manually removed by an administrator.

Session Expiration Time

Determines how long a user’s browser session can remain inactive before the user is automatically signed out of Skytap.

  • A user’s browser session is considered inactive if there is no keyboard or mouse activity on a Skytap web interface (https://cloud.skytap.com) page or Secure Remote Access (SRA) browser client session.
  • If an inactive user is uploading to Skytap, the user’s Skytap session stays active until the upload is complete. Once the upload is complete, the user is signed out.
  • 5 minutes
  • 15 minutes
  • 30 minutes (default)
  • 1 hour
  • 2 hours
  • 4 hours
  • 12 hours
  • Never expires