QuBAS requires passwords of the following specification (unless using Active Directory where password policy will be set by the central IT administrator):
Minimum 6 characters including all of the following:
· a symbol
· a number
· a lowercase letter
· an uppercase letter
Should a user fail to supply a password to the correct specification they will be prompted to try again with a note of the missing type of character. If more than one type is missing, only one will be identified at each attempt.
The full specification is not displayed to the user on the login screen for security reasons.
Changing a password
Passwords can be changed or reset by requesting the change at the login screen or by clicking the link on the user profile:
An email will be sent to the user's email address with a link to follow to create a new password.
Forcing a password change
An administrator can force a user to change a password by resetting the password in the Admin Room:
Selecting Reset password will delete the current password preventing access, and send a new invitation email to the user.
Password ageing
Password ageing can be set in the System tab:
Select Settings
Setting this to 0 results in passwords never expiring.
Multiple false passwords
If a user tries to log in with an incorrect password more that 3 times, the account is locked and the administrator informed.
