Set up security policies for local users

You can set up security policies for local users on the Users page, Local configuration tab.

You can set up the following policies:

  • Enforce password policy to require a minimum password length

    This is disabled until you select it. The default minimum length is 8 characters

  • Use a passphrase generator to enable a built-in passphrase generator

    The built-in passphrase generator combines words from a dictionary to suggest new passwords. The default number of words in a passphrase is 5, and you can choose any number between 1 and 8.

    If you want to use the built-in passphrase generator, you need to provide a dictionary.

    Dictionary requirements:

    • The dictionary must be a text file with one word in each line.
    • Characters must be UTF-8 encoded.
    • The file must not contain any null characters .
    • Maximum file size is 10 MB.

  • Enforce password reuse policy to restrict password reuse

    This is disabled until you select it. The input fields are blank until you enter a value.

Note: Changes to the security policies only take effect after you restart Meeting Management.

Note: Note that Enforce password policy and Enforce password reuse policy are applied only when users change their own password.

Note: If the passphrase generator is enabled, Meeting Management will suggest passphrases for all users.

  • Use a passphrase verifier to check the quality of user password against a dictionary containing commonly used words, repetitive or sequential characters.

    The list will also include context specific words, such as service name, username, product name, and derivatives.If the user chosen password matches one from the list, the passphrase verifier rejects the password and notifies the user to choose a different value.

    Dictionary requirements:

    • The dictionary must be a text file with one word in each line.
    • Characters must be UTF-8 encoded.
    • The file must not contain any null characters .
    • Maximum file size is 10 MB.

    To enable passphrase verifier:

    1. Scroll down to Use passphrase verifier and check the checkbox.

    2. Click Upload dictionary button and select a text file (.txt) containing a list of passphrases that do not meet the security requirements.

    3. To remove existing dictionary file, click remove.

    Note:
    Meeting Management does not provide a default dictionary. The administrators must define the dictionary and upload it.
    • If a dictionary is present when backing up Meeting Management, it will be included in the backup file. When the backup file is restored, the dictionary will also be restored.

  • Enforce password complexity to check the strength of the password. You may set the level of complexity required in passwords when users create them.

    While adding or editing a local user, if the password set by the user in Add Local User pop-up window does not meet the complexity criteria configured by the administrator, Meeting Management notifies the user to include the necessary character(s) to meet the password strength.This is disabled until you select it.

    While setting up security policies for users, select any or all of the following options in Enforce password complexity:

    • Contain upper-case letters (A-Z)

    • Contain lower-case letters (a-z)

    • Contain at least one number (0-9)

    • Contain at least one special character (!$%^&*()_+|~-={}[]:";'<>?,/)

    To enable password complexity:

    1. Scroll down to Enforce password complexity and enable the Enforce password complexity checkbox.

    2. Select the checkbox options that are necessary in the user’s password.

    3. Click Save.

  • Enforce password expiration to configure the duration (in days) a password can be used. When the password expires, Meeting Management notifies the user to create a new password when the user logs-in after the current password is expired.

    When there are 7 days or fewer left until password expiry, a warning message will be displayed in the Notifications, notifying the local user of the upcoming password change that is required. However, if the password is expiring within 24 hours or less, an error message will be displayed, requiring the password to be updated immediately. In case password expiry period is configured as 7 days or less, then only error messages will be displayed, and the warning message feature will be disabled.

    If the password is not changed even after receiving the notification, Meeting Management notifies the user to create a new password when the user logs-in after the current password is expired.

    This is disabled until you select it. The input fields will have 30 days as default value.

    To enable password expiration:

    1. Scroll down to Enforce password expiration and enable the Enforce password expiration check-box.

    2. Enter the number of days in the Maximum age of password (in days) field.

    3. Click Save.

    4. Restart Meeting Management

    Note: When password expiration is enabled for the first time, all local users passwords will be expired and the users will have to change the password.

  • Enforce change password for first log-in to ensure secure access by prompting users to change their password on their first log-in.

    When a user logs in for the first time or an administrator resets their password, Meeting Management prompts the user to set a new password, with a message Please set your own password now.. The user has to provide new password twice to confirm that the intended password is correctly configured.