Required security profile permissions: Security Profile Edit
When you create a new security profile or edit an existing one, you can set the complexity of the passwords of users with that security profile, including how often the users must change the password. An indicator at the bottom of the Password Policy modal displays the strength of the passwords required of users with the security profile. You can require users with the security profile to log in with multi-factor authentication for added security.
- Prevent Password Reuse
- Prevents users from setting the same password twice within a certain number of password changes. It enables the History setting bar, which specifies the number of passwords NICE inContact must look back on the user account when it determines whether the user is repeating a password. For example, if you enable Prevent Password Reuse and set the History to 10, users with the security profile cannot use a password they have already used within the last ten times they set a password on the account.
- Limit Login Attempts
- Limits users to a certain number of login attempts before they are locked out of the system. It enables the Attempts Allowed setting bar, which specifies the number of login attempts users are allowed. For example, if you enable Limit Login Attempts and set Attempts Allowed to 4, a user can unsuccessfully attempt to login four times before he is locked out and must contact the appropriate person in your organization to reset the password.
- Password Expiration
- Limits the number of days users can keep a password before having to change it. It enables the Maximum Age (days) setting bar, which specifies the number of days users can have a password before they must set a new one. For example, if you enable Password Expiration and set Maximum Age (days) to 30, users with the security profile must change their passwords every 30 days.
- Generate Random Passwords
- If selected, generates random short-term passwords when users reset their passwords and enables the Random Password Life (hours) setting bar, which specifies the number of hours users have before they must change it to a password of their own. For example, if you enable Generate Random Passwords and set Random Password Life (hours) to 48 and a user resets the password, NICE inContact emails a random password to the email address in that user's account. The user has 48 hours to log in with that password and change it.
- Prevent Common Passwords
- Prevents users from using common passwords like 'password' or '12345'.
- Require Multi-factor Authentication
-
Requires users with the security profile to enter a multi-factor authentication (MFA) token in addition to a password to log in to NICE inContact. The easiest way to enable users to use MFA is to provide a cell phone with an appropriate MFA application like Google Authenticator. When you enable MFA, users with the affected profile must configure an MFA secret key the next time they log in. The code associated with the user typically changes every 30 seconds. The application on the device displays the code as it changes over time.
As a best practice, it is recommended that you do not enable MFA for the master administrator in your organization. If the device or secret is lost, the only way to reset the MFA secret is to file a ticket with NICE inContact.
- Password Complexity
- Specifies the character requirements of the password. It enables the following settings bars:
- Minimum Lower Case (a-z) — Sets the minimum number of lower-case characters users with this security profile must include in their passwords. For example, if you set it to 1, users must include at least one lower-case character in every password.
- Minimum Upper Case (A-Z) — Sets the minimum number of upper-case characters users must include in their passwords. For example, if you set it to 2, users must include at least two upper-case characters in every password.
- Minimum Numeric (0-9) — Sets the minimum number of numeric characters users must include in their passwords. For example, if you set it to 1, users must include at least one number in every password.
- Minimum Non-alphanumeric (!,@,#,etc.) — Sets the minimum number of symbols users must include in their passwords. For example, if you set it to 2, users must include at least two symbols in every password.
- Minimum Length — Sets the minimum number of total characters users must include in their passwords. For example, if you set it to 9, users must include at least nine total characters in every password. The characters required in the other Password Complexity settings count towards the total character count.
- Password Policy Strength
- Indicates visually the strength of the passwords you require for this security profile. The indicator box displays a blue bar to visually indicate the strength of the password, and is it accompanied by a written indicator of the strength, which is one of Very Weak, Weak, Standard, Strong, or Very Strong.
