Password security settings

After logging in to the portal with your administrator account, click to enter the "Management" > "Security" > "Security Configuration" page and select the "Password Security Settings" tab. Note that the password security settings here are only valid for the built-in account system of iPortal.

Password anti-violence crack settings

The SuperMap GIS server supports setting the times of incorrect password entering in a specific time range to prevent violent cracking. Take the default anti-violence crack settings as an example, which needs to be enabled, if the user enters his password incorrectly five times in 10minutes, the account will be automatically locked.

To configure the anti-violence crack settings (disabled by default), fill the fields:

  • Lock period (minutes): The time for detecting the number of consecutive failures, defaulting to 10 minutes
  • Error count in period: the maximum number of consecutive failures. The account will be immediately locked if the trying time exceeds this number. The default is 5.
  • Lock time (minutes): The waiting time to unlock the account. The default is 20 minutes. You can set it with a longer time for a high-security level requirement.

If the account is locked, contact the administrator to unlock it.

Non-repeatable previous N password setting for new password

If you configured this setting, it requires the new password user-entered can't be the same with any of the previous N passwords. The default value is 5, which includes the current password.

Reset password settings

To prevent security risks if a user does not change the password for a long time, the administrator can customize the scenarios in which the user needs to reset the password, including:

  • Reset password when the first login: After this function is enabled, users added by the administrator must reset their password when logging in to the portal using the password assigned by the administrator for the first time.
  • Reset password after reset by admin:  After this function is enabled, if the password was reset by the administrator, the user needs to reset the password when logging in to the portal using the password assigned by the administrator.
  • Reset the password after expiration: After this function is enabled, the administrator can set the password validity period (unit: day). When the password is expired, the user needs to reset the password.

 

When you have finished the settings, click the Save button to take effect.

Update password regularly

To protect the security of your account, we recommend that you change your password regularly. To modify your password, enter the Personal Center>My Profile page, click the Edit My Profile button, and select the Modify Password tab on the left to enter the Modify Password page. On the right, enter your Old Password, New Password, confirm the new password, click the "Save" button to complete the modification.

Note: The password update method above is only valid for the built-in account system; not applicable for a third-party account system, such as LDAP, Keycloak, etc.