iPassport allows you to customise password complexity settings to force users to include a non-alphanumeric character, number or uppercase letter in their passwords. The settings can be found in ‘User Logon Settings’.
When you are changing your password the system will notify you if your new password does not match the requirements. After the password preferences have been changed, the system will also inform you when you log into the system if your password does not match the new requirements and will prompted you to update it.
Click on the row and check the ‘Block re-use of previous passwords’ preference and click ‘Save’. This will prevent users from setting their password to one which they have previously used in iPassport. It works for both the user change password screen and the administrator’s force password screen.
We have added a password preferences information panel to both the password change and the force password reset form. When your users are changing their passwords they will see guidance on what the requirements are for a new password. This will be displayed on both, the ‘Change Password or Pin’ in ‘Profile’ form and force password reset screen, before they login.
We have added a lockout after maximum failed login attempts.
It’s possible now to set how many times a user is allowed to mistype their password before their account will be locked.
All failed logins are logged in the database and an account administrator will be able to request a report of failed attempts by emailing email@example.com.
When a user’s password is changed, iPassport will send an email to the user to notify them. In case someone else changes the user’s password they will be able to take action with account administrator to investigate why the password was changed.
Two factor authentication allows an additional level of security to guard against password theft. When logging into iPassport, in addition to entering your username and password, you will be sent a code via email. Copy and paste this code into the field in order to access the system. Even if a malicious third party gains access to your login information they will not be able to log into the system as they cannot access your email containing the entry code.
When using two factor authentication you can choose to use code validation each time a user logs in or use the additional code validation to check after a set number of days. For example, you could ask them to verify their identity using the email code once every week. The rest of the time they would login normally.
‘Max Attempts’ decides how many times you can incorrectly enter verification code (the second step) before your account is locked.
Setting ‘Remember Second Factor For (days)’ specifies the number of days before you will be asked to provide a second factor code again. You will not have to enter second factor code between logins for this number of days. Only your login and password will be required.
If ‘Remember Second Factor For (days)’ is set to 0 this will require a second step every time a user logs in.
If enabled then after login you will be directed to a screen containing a ‘Code’ text box. You will be sent an email containing the code that you can use to login to your account.
From the code entry screen you should be able to request that a new code be issued (should the email not get through to you) by clicking on the ‘Resent Code’ button.
‘Single Sign On’ allows you to manage user authentication outside of iPassport and uses different Identity Providers (IdP). The system now supports SAML, ADFS and LDAP authentication.
If your organisation already uses LDAP for other services it’s very easy to configure iPassport to also authenticate users.
We have also updated the login page to give it a new, fresher look. We hope you like it.
If you have any constructive feedback or would like the ticket numbers please email firstname.lastname@example.org
Thank you for being part of the iPassport family,
The iPassport team
P.S. Please click here for Password Complexity Validation Document.