NS1 offers advanced password and session management protocols to help strengthen account security. This article provides an overview of these changes and instructions for accessing and implementing advanced features.
Enhanced password strength requirements
By default, the only requirement for a password is that it is at least eight characters long.
Account admins can request to enable strict password requirements for all users.
Enhanced password strength requirements include:
- Minimum password length of 12 characters
- No leading or trailing spaces (Note that spaces between characters are permitted; 8 maximum)
- At least 1 uppercase character
- At least 1 numerical character
- At least 1 special character (eg. !, #, @, $)
To request password strength requirements for all users associated with your account, contact email@example.com.
Password re-use restrictions
By default, there are no restrictions preventing users from setting a password that matches a previously-used password.
Account admins can request advanced, custom password restrictions where they specify the number of recent passwords used that cannot be re-used when a user sets a new password.
Note: Password backlogging begins upon activating advanced password reset requirements. Any passwords used prior to activating the advanced feature are not included on the restricted list.
To enable advanced password reset restrictions, contact firstname.lastname@example.org.
There is a 24-hour session timeout and a 30-minute idle timeout for all portal users.
Account admins can request additional controls over session management.
Additional session management controls include:
- Maximum number of active sessions allowed per user. (Default is 10)
- Amount of time for which a session will be allowed to remain idle. (Default is 30 minutes)
Note: Once a user exceeds the idle time, they will be logged out.
- Amount of time for which a session will remain open—regardless of whether the user is idle or active. (Default is 24 hours)
Note: It is important to make your users are aware of these timeout settings, and that they are saving updates frequently to avoid losing work.
To enable additional session management controls, contact email@example.com.