Password Security

By default, FintechOS can log into the FintechOS Studio by using FintechOS credentials: username and password. After successfully logging in, users can access the FintechOS resources based on the privileges granted by the security role assigned.

FintechOS has various options in place to ensure password security:

  • prevent users to log in using a wrong password
  • set the password to expire
  • allow users to recover their password
  • set password complexity
  • forbid users setting their password matching previous passwords
  • forbid users logging in with expired passwords
  • lock users who have been inactive for a specific number of days

In order to comply with any password policies that might be enforced within your organization, you can customize the FintechOS password complexity either from the web.config file (see section Global Password Complexity Settings) or by using server scripting (see section Customize Password Complexity Rules using Server Scripting).

When users will choose to reset their password, an email is sent to the email address associated with their FintechOS account. FintechOS offers a default email template that is used for password reset. It’s easy to customize the default email template, or by using server scripting .

If the Forgot Password feature has been activated, users will be able to reset their password from the login page by providing either their emails address or their username.

In addition to the forgot password security, you can also forbid access for users who have been idle for a specific period of time.

Locked account

If users enter a wrong password multiple times, reaching the maximum number of retries (that is, 5), their account will be locked.

To unlock their account they should contact their FintechOS admin to unlock their account. After the account is unlocked, they will be able to log in using the last password (if they remember it) or recover the password if they forgot it.

Password expired

If the password is expired, a message displays on the login page notifying the user that the password. It also provides the user with the option to reset the password.

NOTE  This feature is available only for EBS Authentication Provider.

Related Topics Link IconRelated Topics