FastTrack360 Version 12 Online Help
Password Policy
The Password Policy page is available by selecting Maintenance > Security Section > Password Policy.
The settings in this section allow you to determine:
- the strength of passwords required for login
- password reset requirements
- login / session requirements
- Multi-Factor Authentication (MFA), where you wish to impose MFA on particular security roles and user types.
The table below describes the settings in the Password Policy page.
Section | Setting | Details |
---|---|---|
Password Strength | Minimum password length | The minimum length the password must be before it can be saved. |
 | Password must contain at least one: | |
Password Reset Settings | Days Before Password Expiry | The value entered is the number of days the Agency User’s password is valid for. Once this period has elapsed, the user is forced to change their password on the next login attempt. |
 | Enforce Password Reset | Where a user has not created their own password, if this setting is ticked, on first login, the system forces the user to change their password. |
 | Apply to User Type(s) | Where ‘Enforce Password Reset’ has been ticked, select the User Type that this rule will apply to. |
 | Password Reuse | Where ticked, a value is entered to determine the number of times a user cannot repeat a previously used password. For example, if the value is 4 (default), the user cannot change their password to a previously used password on the next 4 occasions they change their password. |
Login Settings | Disable User Name auto complete | Where ticked, the browser setting (Remember Me) will be disabled for the instance on the FastTrack login page. As such, the Username and/or Password will not be automatically filled. |
 | No of Login Attempts before CAPTCHA | Where a number (threshold) is entered in this field, the CAPTCHA pop-up is displayed once a user attempting to log in has entered incorrect credentials the threshold number of times. |
 | No of login Attempts before Locking | Where a number (threshold) is entered in this field, the User will be locked out of the System if they exceed the threshold. For Agency Users, the Password Details > ‘Login Blocked’ field within the user record in Maintenance > Users is automatically ticked to prevent the user from further login attempts. For Client Contact / Candidate Users, the login blocked field is also displayed within their records, and the user can be unlocked by an Agency User in Candidate Online Profile / Contact Online Profile. The login blocked field will need to be manually unticked to provide the user with access to the system. |
 | Locked Login Message | Where a User’s Login is blocked due to exceeding the Number of Login Attempts, the message entered here is displayed to the User, for example ‘Account Locked, please contact …’ |
 | Activate Session Timeout | Where ticked, the system will automatically time out when it has been idle for the period defined in ‘Session Timeout Duration’ below. |
 | Session Timeout Duration | Enter the idle duration (minutes) where ‘Activate Session Timeout’ has been ticked. |
 | Security Question Required | Tick to: |
 | Override Login for Timesheet Link | Where ticked, overrides login and takes the user straight to the timesheet or timesheet tab where the timesheet notification received by the user contains a Timesheet Link merge tag that is selected. |
Multi Factor Authentication (MFA) Global Settings | Remember Me | Select where you wish the system to remember that the User has successfully authenticated with MFA. This is remembered for the assigned period of time, thereby avoiding the MFA Authentication screen for that period. |
 | Don’t have device - security question option | Where ticked, the user will be able to select this option in the MFA login page. User will have to answer their Security Question to access the system. Where the country has mandated that users of particular components of the system (for example people who can access payroll data) must have MFA imposed, this option will not display in the MFA login page, as those users must use MFA. |
 | Default Methodology | Determines the default MFA methodology assigned to new user records. Can be TOTP (default) or SMS. To use SMS as an option you must have SMS configured in your environment so authentication messages can be dispatched. |
 | MFA Active Date | Displays the Date that MFA has been activated in your environment. |
MFA Mandatory Permission Items | List | Displays a list of Countries and user types that will have MFA imposed, if the Country has requested MFA compliance where users access personal information. Click on this list item to view a pop up of the permission items that will invoke MFA. If a user has one or more of these permission items, MFA will be imposed. As this is a legislated compliance requirement, this setting is system defined and cannot be changed by an agency. |
MFA Security Roles | List | If, in addition to any Country imposed compliance requirements, you wish to impose MFA on users who have particular Security Roles assigned, use this setting to create your requirements by User Type and Security Role. |
For more information on MFA click here.
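
The two Login Settings thresholds interact, and a small model makes it easy to check a pair of values before saving them. This is an added example, not FastTrack360 code: the class and function names are hypothetical, and it assumes that a successful login resets the failed-attempt count.

```python
from dataclasses import dataclass


@dataclass
class LoginPolicy:
    captcha_after: int  # "No of Login Attempts before CAPTCHA"
    lock_after: int     # "No of login Attempts before Locking"


@dataclass
class Account:
    failed: int = 0
    login_blocked: bool = False  # models the 'Login Blocked' tick box


def attempt(policy: LoginPolicy, acct: Account, credentials_ok: bool) -> str:
    """Return 'blocked', 'ok', 'captcha' or 'retry' for one login attempt."""
    if acct.login_blocked:
        return "blocked"          # correct credentials no longer help
    if credentials_ok:
        acct.failed = 0           # assumption: success resets the counter
        return "ok"
    acct.failed += 1
    if acct.failed > policy.lock_after:       # lock when the threshold is exceeded
        acct.login_blocked = True
        return "blocked"
    if acct.failed >= policy.captcha_after:   # CAPTCHA once the threshold is reached
        return "captcha"
    return "retry"


def unblock(acct: Account) -> None:
    """An Agency User manually unticks 'Login Blocked'."""
    acct.login_blocked = False
    acct.failed = 0


def simulate(policy: LoginPolicy, outcomes: list) -> list:
    """Run a constructed sequence of attempts (True = correct credentials)."""
    acct = Account()
    return [attempt(policy, acct, ok) for ok in outcomes]


if __name__ == "__main__":
    # CAPTCHA at 3, lock above 5: six failures, then a correct password.
    print(simulate(LoginPolicy(3, 5), [False] * 6 + [True]))
    # Lock threshold below the CAPTCHA threshold: CAPTCHA is never shown.
    print(simulate(LoginPolicy(5, 2), [False] * 5))
```

With the lock threshold set lower than the CAPTCHA threshold, the account is blocked before a CAPTCHA is ever displayed, so the CAPTCHA setting has no effect.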