Figure: Setting of the password requirements
As an administrator, you can define requirements in this section that all BL Banking Web users must comply with when assigning a password. This allows you to ensure that users assign secure passwords and change them regularly. By default, no specifications apply, i.e. passwords can consist of any single character and are valid indefinitely.
The minimum for passwords length is one, there is no upper limit. It is not possible to switch off password entry.
Use the checkboxes to define requirements for the composition of a password consisting of letters, numbers and special characters. The requirement At least one letter can be distinguished according to lower and upper case. If you set all three letter checkboxes, passwords must contain two letters, one lowercase letter and one uppercase letter. By setting all at-least-checkboxes, passwords consist of four characters, regardless of a defined minimum length.
You can enter the number of days after which the password expires and a new one must be assigned. Zero means that the password never expires. One means that all users must change their password daily or the next time they log in. When confirming the value 1 the system settings are closed and you are prompted to change the password yourself.
You can specify how often a new password must be assigned before a previously used password can be reassigned. Zero means that used passwords are not checked when the password is changed.
Changed password requirements apply from the next password change. A password that does not meet the new requirements can still be used until then.
By default, a user is locked after the fifth failed attempt if he tries to log in with incorrect user data or sign in the VEU in quick succession. Once a user has been locked, he can no longer sign and a login is rejected with the message The user was locked. Locking after failed attempts also applies to administrators and managers. You can change the number of failed attempts that lead to a user lock. With the value 1, every incorrect entry is punished with a lock. Set the value higher to allow at least one incorrect attempt. For security reasons, the check cannot be switched off.
If a legitimate user accidentally entered his login details or signature incorrectly, you as an administrator or manager can reset the user's failed attempt counter in the User administration.
Figure: Setting of the password requirements