With UseResponse you can set up password expiration period, different password and captcha security levels for end-users and your team members. All policies are managed under administration account in Administration » System » Security.
Password Security Policy is available only for Enterprise customers.
UseResponse provides the following password security levels:
- Default - each password should contain minimium 3 characters. This level is assigned to all roles in the system by default and allows unlimited number of failed login attempts;
- Low - password lenght should be at least 5 characters. Users with low security level would have 10 attempts to login with wrong password;
- Normal - any password should contain minimum 8 characters including numbers and users would have 5 failed password attempts;
- High - each password must be a combination of special characters, digits, upper and lowercase letters with minimum 8 number of characters. Users would be blocked for 30 minutes if they exceed 3 failed password attempts.
You can change each security level according to your requirements by clicking Edit icon next to required level.
Once password levels are specified, please go to Administration » Roles & Groups » Roles and assign specific security level to each role.
While registration or password reset, any user will be forced to meet security requirements set up for its role.
UseResponse provides the ability to specify when passwords should expire and restrict password repeating.
By default passwords are set to never expire. If you want to change expiration policy, in Administration » System » Security select required period of time (1, 3, 6, 12 months) after which passwords should be changed.
If you want to prevent your users from recycling old passwords, you can leave default "No" value for "Allow Old Password" setting.
So when user's password expires, the user would be forced to set a new one while trying to log in the comminity. UseResponse will alert whether the user doesn't meet security level requirements or tries to set the previously used password.
Ability to manage password security levels is available only in Enterprise package.
Captcha Security Levels
If you allow your customers to submit new requests anonymously, you might want to prevent your community from spamming.
Captcha setting is enabled by default In Administration » System » Security. You can define required captcha security level and force customers to validate that they are humans by entering Captcha only once (Low Security Level) within one browser session or every time (High Security Level) before submitting new requests without registration.
UseResponse provides additional tools to reduce spam in your community:
- a user can add only one ticket, post or comment per minute. This restriction also works via API;
- if there is high user's activity, the system will require the user to show Captcha to pass verification test while submitting a new request;
- in case user increases the activity even more, the system will ban user's account and block his IP address.