Password Strength

(AX-3.8 only) A container with five properties that define the minimum characters/types required in station user passwords. Any future user additions or edits of any user’s password will require an entry that meets these minimum specifications, otherwise an “error” popup dialog results. For further details, see Password Strength (AX-3.8).

or

Require Strong Passwords

(pre-AX-3.8 only) Either true (default) or false—note the default in AX-3.7 has always been true. If enabled (true), which is strongly recommended, any future user additions or edits of any user’s password will require entry of a “strong password,” otherwise an “error” popup dialog results. If set to false, in AX-3.7u1 any password is valid. For further details, see Require Strong Passwords (AX-3.7).

Lock Out Enabled

Either false or true (default). If enabled (true), then a number of consecutive authentication failures will temporarily “lock out” login access to that user account, for the duration of the lock out period (next property). Using lock out makes it difficult to automate guessing of passwords.

Each user also has a “Clear Lock Out” action. See Lockout notes.

Lock Out Period

Default is 10 seconds, adjustable to any duration in hours, minutes, seconds. If lock out is enabled, then this is the period of time a user account is locked out before being reset. While locked out, any login attempt (even a valid one) will be unsuccessful.

Default Lock Out values are intended to guard from an automated “brute force” password attack, where a computer application might issue hundreds of login attempts in a second. The 10 second latency is typically sufficient to thwart such an attack, as it must wait 10 seconds upon each unsuccessful 5 login attempts. If deemed necessary, you can adjust to guard against “human attack”.

Max Bad Logins Before Lock Out

Default is 5, adjustable from 1 to 10. If lock out is enabled, in conjunction with the “Lock Out Window”, this specifies the number of consecutive failed login attempts that trigger a lock out for a user.

Lock Out Window

If lock out is enabled, and the number of “Max Bad Logins Before Lock Out” occurs within this window of time, the user is locked out for the “Lock Out Period” duration. The lock out window default is 30 seconds, and is adjustable to any duration up to 1 day.

Changes to lock out properties are enforced on the next login attempt for any user. For example, suppose “max bad logins” is set to 5, and user “ScottF” has failed to log in 4 times within the lock out window. Suppose an admin-level user now changes “max bad logins” to 3. This does not lock out user “ScottF”; user ScottF still has one more chance to log in before getting locked out. If that login attempt fails, ScottF will be locked out, since 5 failed attempts is greater than or equal to the max bad logins setting (3).