Welcome to the Janison Insights help portal
Settings
Password policy settings in Janison Insights can be customised. This includes settings related to:
Important
To ensure your Janison Insights site has a strong password policy, it is recommended you keep at a minimum the default password settings that were in place when your site was first set up. You may choose to make the password settings even stronger by using the details below.
To change password policy settings for your site:
On this screen you can make changes detailed in the topics below.
This section can be used to adjust how complex passwords must be.
# | Setting | Description |
---|---|---|
A | Don’t generate passwords – they must be set manually | If this option is selected there are no requirements for passwords to meet any complexity rules. |
B | Passwords must meet minimum complexity | If this option is selected, passwords must meet the minimum requirements specified in the rest of this section, as outlined below. The specified minimum complexity requirements must be met when passwords are created or changed. |
C | Minimum password length | A numerical value is required in this field, to enforce the minimum length of a password. |
D | Require an upper case letter | If this checkbox is selected, at least one upper case letter is required to be used in the password. For example: A B C etc. |
E | Require a lower case letter | If this checkbox is selected, at least one lower case letter is required to be used in the password. For example a b c etc. |
F | Require a number | If this checkbox is selected, at least number is required to be used in the password. Ie. one of the following: 0 1 2 3 4 5 6 7 8 9. |
G | Require a symbol | If this checkbox is selected, at least one number is required to be used in the password. For example, symbols such as: ~ ! @ # $ % ^ & * ( ) _ + : \ ” ; ‘ < > ? , . / { } | [ ] \ |
H | Use generated password strength hint | If this option is selected, the hint message shown to Users changing their password will contain the default text. This option should be selected if the complexity rules are left as the system default. The following hint would display on the Change Password screen: |
I | Use custom password strength hint | If this option is selected, a custom hint message can be created by entering text into the associated field. This option should be selected if the complexity rules have been changed and the hint needs to be changed to match. For example, if the minimum password length was changed to 12 characters, the hint could be changed to: This hint would then display on the Change Password screen: |
This section can be used to adjust whether the system generates passwords for users or if a User must set their own password.
# | Setting | Description |
---|---|---|
A | Don’t generate passwords – they must be set manually | If this option is selected Users must set their own password manually when logging in. |
B | Generate Passwords | If this option is selected, the system will generate passwords for Users, based on further selections below. Generally this option is used only for assessment events, where candidates are never meant to log in to Janison Insights. They instead will self-register for a test, take the test and submit their answers. For more information on candidate self-registration, see the Self-registration form section. Generated passwords can be used in conjunction with the Reveal passwords option below, to allow a user with an appropriate role (eg. Test Manager, Delivery Manager, Invigilator) to provide a candidate with the password they need to use when logging in to take their test. |
C | Generate randomly (with same minimum complexity as above) | If this option is selected, the system will generate passwords for Users based on the settings in the Complexity rules expandable section on this screen. This option becomes available if the Generate Passwords option is selected. |
D | Generate from dictionary | If this option is selected, the system will generate passwords based on the words that are entered in the Password dictionary field. |
E | Password dictionary | Enter dictionary words separated by a semi-colon into the Password dictionary field. The system will use these words to generate passwords for Users. |
This section can be used to adjust if and when users’ passwords will expire. A User will need to set a new password if their password expires. It is possible to set different expiry periods per role in the system.
# | Setting | Description |
---|---|---|
A | Minimum password change interval (days) | Used to set the length of time that must pass after a User changes their password before they can change their password again. For example entering 1 into this field means a User must wait a day between changing their password and changing it again. Entering 2 means a User must wait 2 days between changing their password and changing it again. For example, if the minimum password change interval was set to 30 days, users will see the following message if they attempt to change their password less than 30 days after having previously changed it. Tip The text presented in the change password message above can be customised if required by using the string resources feature in Janison Insights. See the String resources section for more information. |
B | Authentication required when changing user sensitive data (e.g. Password) | Used to request that a User with relevant role permissions enters their password in order to make changes to the password of another User. For example, when changing a Candidate’s password, an Administrator would need to enter their password to confirm their identity and save the change: |
C | Passwords never expire | Selecting this option means there is no requirement for Users to change their passwords. Users will still be able to change their passwords, but will not be forced to do so. |
D | Passwords must be changed after a period | By selecting this option and entering a number of days in the Default validity period (applies to all roles, unless overridden in the table below) field, you can specify how often the system will force Users to reset their password. For example, Users will see a message like the following when their password expires and they need to set a new password: Tip The text presented in the password expiry message above can be customised if required by using the string resources feature in Janison Insights. See the String resources section for more information. |
E | Default validity period (applies to all roles, unless overridden in the table below) | Used in conjunction with the Passwords must be changed after a period option to specify how often the system will force Users to reset their password. The number of days entered here is the default number that applies across all roles in the system, except any roles that have had a specific amount of time set using the Password validity period set for specific role option. |
F | Password validity period set for specific role | Used to set how often the system will force Users with a specific role to change their passwords. This is done by:
|
This section can be used to allow some or all User passwords to be visible in the list of Users found under Manage People > Users.
Tip
For security reasons, it is recommended that password hashing (ie. the transformation of passwords into scrambled versions) is enabled across all passwords in Janison Insights. The system cannot reveal any passwords for which password hashing has been enabled.
If password hashing has been enabled, a message will display in the Reveal Passwords expandable section notifying you of the roles for which the system will not reveal passwords. For example:
# | Setting | Description |
---|---|---|
A | Never reveal passwords | This option is used to specify that no passwords are to be shown in the list of Users. |
B | Reveal some passwords | This option is used in conjunction with one or more of the checkboxes below to specify which passwords can be revealed the list of Users. The following two configurations are also needed for passwords to show in the list of Users:
The following image shows an example of how a User’s password displays: |
C | Reveal passwords that were generated from dictionary | Can be used to set passwords that were generated from a dictionary by the system to display in the list of Users. This checkbox becomes available when Reveal some passwords is selected. This option is related to the Password generation section above. |
D | Reveal passwords that were set by someone else | Can be used to set passwords that were created by someone other than the User to display in the list of Users. This checkbox becomes available when Reveal some passwords is selected. |
E | Reveal passwords that were randomly generated by the system | Can be used to set passwords that were randomly generated by the system to display in the list of Users. This checkbox becomes available when Reveal some passwords is selected. This option is related to the Password generation section above. |
This section can be used to control whether a user can use previous passwords when changing or resetting their password.
# | Setting | Description |
---|---|---|
A | Allow users to set new passwords that they have used previously | This option is used to allow Users to use any password they have used previously. |
B | Don’t allow users to set new passwords that they have used previously | This option is used to force users to use a password they have not used before. Can be used in conjunction with the Number of passwords in history field below to control when a user can use a previous password. If this option is selected and a user attempts to reuse a previous password, a message like the following will display: |
C | Number of passwords in history | Can be used to set the number of passwords the system stores for a User, to check against any new password the User creates. This field becomes available when the Don’t allow users to set new passwords that they have used previously option is selected. For example, if the Number of passwords in history value is set to 3, the User needs to create a unique password the first three times they change or reset their password. On the fourth change of password, the User will be able to use the same password they used when setting their password for the first time. |
1300 857 687 (Australia)
+61 2 6652 9850 (International)
ACN 091 302 975
ABN 35 081 897 494
© 2024 Janison
Janison acknowledges the traditional owners of the land on which we work and meet. We acknowledge the continuous care of the land, animals and waterways. We pay our respects to Elders past, present and emerging.