NS1 offers advanced password and session management protocols to help strengthen account security. This article provides an overview of these changes and instructions for accessing and implementing advanced features.
By default, the only requirement for a password is that it is at least eight characters long. Account admins can request to enable strict password requirements for all users.
Enhanced password strength requirements include:
Minimum password length of 12 characters
No leading or trailing spaces (Note that spaces between characters are permitted; 8 maximum)
At least 1 uppercase character
At least 1 numerical character
At least 1 special character (eg. !, #, @, $)
To request password strength requirements for all users associated with your account, contact firstname.lastname@example.org.
By default, there are no restrictions preventing users from setting a password that matches a previously-used password.
Account admins can request advanced, custom password restrictions where they specify the number of recent passwords used that cannot be re-used when a user sets a new password.
Note: Password backlogging begins upon activating advanced password reset requirements. Any passwords used prior to activating the advanced feature are not included on the restricted list.
To enable advanced password reset restrictions, contact email@example.com.
There is a 24-hour session timeout and a 30-minute idle timeout for all portal users. Account admins can request additional controls over session management.
Additional session management controls include:
Enforce a maximum number of active sessions per user. (Default is 10)
Specify the amount of time for which a session will be allowed to remain idle. Once a user exceeds the idle time, they will be logged out. (Default is 30 minutes)
Specify the amount of time for which a session will remain open—regardless of whether the user is idle or active. (Default is 24 hours)
It is important to make your users are aware of these timeout settings, and that they are saving updates frequently to avoid losing work.
To enable additional session management controls, contact firstname.lastname@example.org.