Security Configuration
To secure platform accounts and access, the platform provides configurable password policies and system security settings. Administrators can adjust these settings to meet security requirements. All users must comply with the effective policies.
User password policy
Administrators can configure the following policies:
1. Password complexity
Admins can require passwords to include specific character types:
- Uppercase letters (A-Z)
- Lowercase letters (a-z)
- Digits (0-9)
- Special characters (for example
!@#$%^&*)
For example, you can require passwords to contain all four categories, or only a subset.
2. Password length
Admins can set a minimum length requirement. For example, 8 characters or longer.
3. Password expiration
Admins can set a maximum validity period. For example, 90 days. After expiration, users are forced to change their password.
4. Max failed login attempts
To prevent brute-force attacks, admins can configure:
- Max failed attempts: for example, lock the account after 5 consecutive failures.
- Lock duration: for example, lock for 30 minutes, during which login is not allowed.
After the lock duration ends, the account is unlocked automatically.
System security settings
1. Web session management
- Auto logout after inactivity: Admins can configure automatic logout after a period of inactivity. For example, no limit or a specific number of minutes.
2. DM client token validity
- Admins can configure the validity period of DM (Data Management) client access tokens, for example 30 days. After expiration, users must log in again.
Security recommendations
- Follow the password policy: Use strong passwords that meet complexity requirements.
- Rotate passwords regularly: Change passwords proactively before they expire.
- Avoid weak passwords: Do not use easy-to-guess patterns such as birthdays, names, or sequential numbers.
- Protect your password: Do not share passwords or store them where others can easily obtain them.