Warning
WARNING: The TrackAbout MetaWiki has been deprecated and is no longer being updated. Please visit our new TrackAbout Knowledge Base at https://supportkb.trackabout.com for the most-up-to-date documentation on TrackAbout and TrackAbout Mobile.

Password Security

From TrackAbout MetaWiki
Jump to navigation Jump to search
TrackAbout Feature
Feature Name: Password Security
In Module: Core Tracking
Short Description Protect data by ensuring password complexity and requirements are adequate
Available In: TAMobile 6 Desktop, TAMobile 6 Rugged, TAMobile 7 Android, TAMobile 7 iOS
← Back to list


Overview

Password rules and minimum requirements are configurable within TrackAbout.

Why You Need It

Password security is important. It's important to keeping personal and business information safe and secure. TrackAbout provides various options to establish secure password rules among your users.

Here are the various Password configurations we have available:

How It Works

Device Rules

  • Require Password on Login: Determines whether or not a Password is required to log into the mobile unit.
  • Minimum Password Length: When mobile Passwords are enabled, this setting determines the minimum number of characters required for a mobile Password. The length must be between 1 and 10 characters.
  • Mobile Password Format: When mobile Passwords are enabled, this setting determines the format of the Password.
    • Any - A Password may be composed of any character.
    • Alpha - Upper and lowercase alphabetic characters are allowed.
    • Numeric - A Password may only be composed of numbers.
    • AlphaNumeric - Requires a combination of both numbers and characters to be valid.
  • Mobile Password Allow Year: Allow the current year to be used in mobile Passwords.
  • Mobile Password No Trivial Passwords: Enables extra validation on mobile Passwords.
    • Must be more than 2 different characters in Passwords. EX: 1122211
    • Must not repeat a character more than twice in a row. EX: 111xxx
    • Must not contain 2 digit recurring patterns. EX: 1212xx
    • Must not contain 3 digit recurring patterns. EX: 123123
    • Must not sequentially increase or decrease for the whole Password. EX 1234567
  • Prevent Password Re-use: Allows for setting the number of previous Passwords to reject for user. User may not repeat any of their last X passwords, where X is configurable. TrackAbout does not store passwords in plain text, but rather stores a non-reversible, one-way cryptographic hash of the password. In this way, TrackAbout can check that a user's new password is not a repeat of an old password, while also not retaining any actual passwords in the database.
    • Setting this config to '0' will disable the historical Password check.

Website Rules

  • Send Email When User Passwords Change: When true, TrackAbout sends an email to users alerting them when their Passwords change.
  • Clicked Password Link Expiration Minutes: Minutes after the Password recovery or new user link is clicked until the link stops working. Use 0 for no expiration.
  • Password Allow Spaces And High Characters: Allow spaces and high ASCII characters in WEBSITE Passwords.
  • Password Minimum Number Of Lower Case Letters: Minimum number of lower case letters for WEBSITE Passwords.
  • Password Minimum Number Of Numeric Characters: Minimum number of numeric characters for WEBSITE Passwords.
  • Password Minimum Number Of Special Characters: Minimum number of special characters for WEBSITE Passwords. EX: @#$%&*!
  • Password Minimum Number Of Upper Case Letters: Minimum number of upper case letters for WEBSITE Passwords.

Rules Applying to Both Devices and Website

  • Password Expiry Warning Period in Days: A Password expiration warning will be shown to the user starting from X days before the expiry date of the Password. Shows warnings in both the WEBSITE and Smartphone apps.
    • For the WEBSITE, displays an interstitial page upon logging in allowing the user to change their Password or defer until later.
    • For the smartphone, shows a warning on the home screen once per day and directs the user to visit the WEBSITE to change.
  • Password Link Expiration Days: Days after the Password recovery or new user link is sent until the link stops working. Use 0 for no expiration.

Customizing It For You

Your configuration preferences must be set by TrackAbout Support Staff. Please reach out to TrackAbout Support to communicate your preferred settings.

What to Do if You've been locked out of your Account

TrackAbout Support will not reset user passwords but will refer users to their local TrackAbout administrators for assistance.

The local TrackAbout Administrator will be able to update user accounts through the Internal Users page.

Users with email addresses may perform self-recovery via the "Forgot Password?" link on the Login Page.

Notes

Regardless of where you're establishing a password, do not use colons in the creation.

For web services, the username and password are sent as "username:password", which is a standard HTTP format for sending credentials. You will experience errors if we're parsing the username and password when the password contains a colon.

Keywords

password security format

Retrieved from "https://meta.trackabout.com/w/index.php?title=Password_Security&oldid=7911"