Managing passwords and password policies
Self-service password resets
Users can reset their passwords by clicking the Forgot password? link on the sign-in page. Skytap asks the user to specify their account name and then sends an activation link to the email address on their profile. This enables users to reset their own password without having to involve an administrator.
Account-wide password policy
The Password Policy tab, located on the Security Policies page of the Manage section, allows you to set global password policies for the entire account. This lets you customize password policy based on the security needs of your organization and apply it uniformly to all users. You can change this policy.
The Password Policy tab consists of a series of menus that determine password creation and sign-in settings.
Password policy options
Policy
Description
Options
User passwords expire in
Determines how often (if ever) user passwords expire. When a password expires, users are redirected to the Change Password page when they next sign in.
When this setting is changed, the change is applied retroactively. Users with passwords older than the set number of days must change their password the next time they sign in.
- Never expires (default)
- 30 days
- 60 days
- 90 days
- 180 days
- 360 days
Passwords that never expire may be a security risk.
Enforce password history
Determines whether or not users can re-use old passwords. If a password is remembered, it can’t be re-used.
- No passwords remembered (default)
- 3 passwords remembered
- 5 passwords remembered
Minimum password length
Minimum character length for new passwords.
When this setting is changed, the change is not applied retroactively. The new setting applies to all new passwords.
- 6 characters
- 8 characters (default)
- 10 characters
Maximum invalid login attempts
Determines how many invalid sign-in attempts can be made before a user is temporarily blocked from signing in.
Once a user is locked out due to invalid sign-in attempts, the user must either:
- Wait until the lockout effective period has expired to try signing in again (for example, 30 minutes)
- Have an administrator account remove the block by navigating to the locked-out user’s page and clicking the Reset button next to the Failed login attempts box.

- No limit
- 3
- 5 (default)
- 10
Lockout effective period
Determines how long the user is prevented from signing in after making a certain number of invalid sign-in attempts (as described above).
- 15 minutes
- 30 minutes (default)
- 60 minutes
- Forever
If the lockout effective period is set to Forever, the lockout must be manually removed by an administrator.
Lets administrators set minimum complexity requirements for user account passwords.
- Contains at least one uppercase character (A–Z) (default).
- Contains at least one lowercase character (a–z) (default).
- Contains at least one base-10 digit (0–9) (default).
- Contains at least one special character (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~) (default).
Determines how long a user’s browser session can remain inactive before the user is automatically signed out of Skytap.
- A user’s browser session is considered inactive if there is no keyboard or mouse activity on a Skytap web interface page or Secure Remote Access (SRA) browser client session.
- If an inactive user is uploading to Skytap, the user’s Skytap session stays active until the upload is complete. Once the upload is complete, the user is signed out.
- 5 minutes
- 15 minutes (default)
- 30 minutes
- 1 hour
- 2 hours
- 4 hours
- 12 hours
- Never expires
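The length, complexity, history and expiration options above, expressed as checks in Python. This is an added illustration, not Skytap's implementation; the policy key names, the function names and the PBKDF2 storage of remembered passwords are assumptions.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

# Constructed policy holding the default values from the table; key names are hypothetical.
DEFAULT_POLICY = {"expire_days": None, "history": 0, "min_length": 8,
                  "upper": True, "lower": True, "digit": True, "special": True}

def hash_password(password, salt=None):
    """Salted PBKDF2 digest, so remembered passwords are never kept in clear text."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def new_password_violations(password, policy, history):
    """Return the names of the policy rules a candidate password breaks.
    `history` is a list of (salt, digest) pairs, newest first."""
    problems = []
    if len(password) < policy["min_length"]:
        problems.append("min_length")
    # string.punctuation is the same 32 special characters the complexity option lists.
    classes = {"upper": string.ascii_uppercase, "lower": string.ascii_lowercase,
               "digit": string.digits, "special": string.punctuation}
    for name, chars in classes.items():
        if policy[name] and not any(c in chars for c in password):
            problems.append(name)
    # Only the N most recent passwords are remembered (N = 0 disables the check).
    for salt, digest in history[:policy["history"]]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("history")
            break
    return problems

def must_change_at_sign_in(password_set_at, policy, now):
    """Expiration is evaluated against the password's age at each sign-in, so a
    shortened expiration period also catches existing passwords (retroactive).
    Minimum length is only checked when a new password is created."""
    if policy["expire_days"] is None:  # "Never expires"
        return False
    return now - password_set_at > timedelta(days=policy["expire_days"])
```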