How can I set up password principles?
In your billwerk account you can configure password settings that apply to all users of the account.
The following settings can be applied to the passwords:
Minimum length for passwords
Password entropy
Allowed failed logins
Period for password changes
Maximum period that a password can be used
Password principles configuration
To configure your password principles, click on your e-mail address in the upper right corner and choose Account. In the menu bar on the left, choose User Accounts and then the tab Security Settings.
The first option within the security settings is to define the minimum length of a password.
In the second field you can set the entropy for the password. Entropy determines the complexity of a password and is a mathematical measure expressed in bits.
Example: A password with 42 bits of strength would require 2^42 (4,398,046,511,104) attempts to exhaust all possibilities during a brute force search. See https://en.wikipedia.org/wiki/Password_strength for more details.
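The following Python sketch is an added example, not billwerk code, showing how a minimum length and an entropy threshold in bits can be checked together. It assumes the common estimate of length times log2 of the character pool size; billwerk's actual calculation is not documented on this page, and all function names are hypothetical.

```python
import math
import string

# Character pools used for the estimate (an assumption of this example,
# not billwerk's documented calculation).
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def pool_size(password):
    """Size of the alphabet implied by the character classes present."""
    size = sum(len(p) for p in POOLS if any(c in p for c in password))
    # Characters outside the known pools: count each distinct one once.
    extra = {c for c in password if not any(c in p for p in POOLS)}
    return size + len(extra)


def entropy_bits(password):
    """Estimate in bits: length * log2(pool size)."""
    if not password:
        return 0.0
    return len(password) * math.log2(pool_size(password))


def search_space(bits):
    """Attempts needed to exhaust all possibilities at the given strength."""
    return 2 ** bits


def check(password, min_length, min_entropy_bits):
    """Return the list of policy violations (empty list means accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if entropy_bits(password) < min_entropy_bits:
        problems.append("entropy too low")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, checked against 8 characters / 42 bits.
    for pw in ("abcdefgh", "aB3$efgh", "aB3$"):
        print(pw, round(entropy_bits(pw), 1), check(pw, 8, 42))
    print(search_space(42))
```

The estimate only holds for randomly generated passwords. A predictable choice such as "Password1!" scores about 65 bits here although it appears in common password lists, so an entropy threshold complements the other settings and does not replace them.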
With the option Allowed failed log-in you can set the number of failed log-in attempts that are permitted before a user gets locked. If this value is exceeded, the user is locked for 30 minutes. The user receives an e-mail with a link that leads to the billwerk login page. Clicking the link unlocks the user immediately, so they can log in again.
In the last two steps you can set the period in which passwords need to be renewed and how long a password is valid. In the field Password must be changed after, set the number of days after which a user is requested to change their password. In the field Password cannot be used after, you can define after how many days a password automatically becomes invalid if it has not been changed within this period.