Set up security policies for local users

You can set up security policies for local users on the Users page, Local configuration tab.

You can set up the following policies:

  • Enforce password policy to require a minimum password length

    This is disabled until you select it. The default minimum length is 8 characters

  • Use a passphrase generator to enable a built-in passphrase generator

    The built-in passphrase generator combines words from a dictionary to suggest new passwords. The default number of words in a passphrase is 5, and you can choose any number between 1 and 8.

    If you want to use the built-in passphrase generator, you need to provide a dictionary.

    Dictionary requirements:

    • The dictionary must be a text file with one word in each line.
    • Characters must be UTF-8 encoded.
    • The file must not contain any null characters .
    • Maximum file size is 10 MB.

  • Enforce password reuse policy to restrict password reuse

    This is disabled until you select it. The input fields are blank until you enter a value.

Note: Changes to the security policies only take effect after you restart Meeting Management.

Note: Note that Enforce password policy and Enforce password reuse policy are applied only when users change their own password.

Note: If the passphrase generator is enabled, Meeting Management will suggest passphrases for all users.

  • Use a passphrase verifier to check the quality of user password against a dictionary containing commonly used words, repetitive or sequential characters.

    The list will also include context specific words, such as service name, username, product name, and derivatives.If the user chosen password matches one from the list, the passphrase verifier rejects the password and notifies the user to choose a different value.

    Dictionary requirements:

    • The dictionary must be a text file with one word in each line.
    • Characters must be UTF-8 encoded.
    • The file must not contain any null characters .
    • Maximum file size is 10 MB.

    To enable passphrase verifier:

    1. Scroll down to Use passphrase verifier and check the checkbox.

    2. Click Upload dictionary button and select a text file (.txt) containing a list of passphrases that do not meet the security requirements.

    3. To remove existing dictionary file, click remove.

    Note:
    Meeting Management does not provide a default dictionary. The administrators must define the dictionary and upload it.
    • If a dictionary is present when backing up Meeting Management, it will be included in the backup file. When the backup file is restored, the dictionary will also be restored.

  • Enforce password complexity to check the strength of the password. You may set the level of complexity required in passwords when users create them.

    While adding or editing a local user, if the password set by the user in Add Local User pop-up window does not meet the complexity criteria configured by the administrator, Meeting Management notifies the user to include the necessary character(s) to meet the password strength.This is disabled until you select it.

    While setting up security policies for users, select any or all of the following options in Enforce password complexity:

    • Contain upper-case letters (A-Z)

    • Contain lower-case letters (a-z)

    • Contain at least one number (0-9)

    • Contain at least one special character (!$%^&*()_+|~-={}[]:";'<>?,/)

    To enable password complexity:

    1. Scroll down to Enforce password complexity and enable the Enforce password complexity checkbox.

    2. Select the checkbox options that are necessary in the user’s password.

    3. Click Save.

  • Enforce password expiration to configure the duration (in days) a password can be used. When the password expires, Meeting Management disables the user’s access and notifies them to change the password.

    Once enabled, Meeting Management notifies the user to create a new password when the user logs-in after the current password is expired.

    This is disabled until you select it. The input fields will have 30 days as default value.

    To enable password expiration:

    1. Scroll down to Enforce password expiration and enable the Enforce password expiration checkbox.

    2. Enter the number of days in the Maximum age of password (in days) field.

    3. Click Save.

    4. Restart Meeting Management

    Note: When password expiration is enabled for the first time, all local users passwords will be expired and the users will have to change the password.