We have implemented several additional security features in EWS. They are generally related to password requirements.
The new changes can be found in EWS System Settings. You can access them either from the desktop application on the server or within EWS by going to HR Staff > System Settings.
For on-premise users, the new settings can be found on the security tab:
For MIP Cloud, Dedicated Cloud (AWS) and users without access to the server, Security & Login Options is where you will need to update these settings. The new features will look like this:
The added options are Days Before Password Expires, Maximum Login Attempts, Locked Account Duration, Password Check Delay and Integration Key.
Days Before Password Expires: This allows you to set how long an employee can use the same password before it expires and must be changed. The default value is 90 days with a lower limit of 30 days and a maximum of 365 days.
Maximum Login Attempts: This limits how many times an employee can unsuccessfully attempt to log in before they are locked out. The default value, and minimum, is 3 attempts with a maximum value of 5 attempts.
Locked Account Duration: This setting is related to the previous one and controls how long an employee is locked out before they can attempt to log in again. The default value is 15 minutes, which is also the minimum, with a maximum value of 120 minutes.
Password Check Delay: This setting controls the delay between failed login attempts. The value selected is the mandatory wait between one login attempt and the next. The default value is 5 seconds but has a range of 3 to 8 seconds. This setting will directly mitigate the effect of brute force attacks.
Create New Integration Key: This button will generate an integration key that can be used to integrate software with EWS. Additional information on this function will be forthcoming.
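To see how Maximum Login Attempts, Locked Account Duration and Password Check Delay combine, the following added example (not part of EWS or of the original article) checks a set of values against the ranges listed above and estimates how many password guesses a single account can receive in 24 hours. The enforcement model in the comments is an assumption; the article does not describe how EWS applies the settings internally.

```python
# Added example. Ranges are (minimum, default, maximum) as stated in this article.
RANGES = {
    "Days Before Password Expires": (30, 90, 365),  # days
    "Maximum Login Attempts": (3, 3, 5),            # attempts
    "Locked Account Duration": (15, 15, 120),       # minutes
    "Password Check Delay": (3, 5, 8),              # seconds
}
DEFAULTS = {name: r[1] for name, r in RANGES.items()}
DAY = 24 * 60 * 60  # seconds


def out_of_range(settings):
    """Return the names of settings that are missing or outside the documented range."""
    bad = []
    for name, (low, _default, high) in RANGES.items():
        value = settings.get(name)
        if not isinstance(value, int) or not low <= value <= high:
            bad.append(name)
    return bad


def guesses_per_day(settings):
    """Worst-case failed guesses against ONE account in 24 hours.

    Assumed model: guesses are spaced by the check delay, the account locks
    on the last allowed failure, and the counter restarts after the lockout.
    """
    bad = out_of_range(settings)
    if bad:
        raise ValueError("out of documented range: " + ", ".join(bad))
    attempts = settings["Maximum Login Attempts"]
    delay = settings["Password Check Delay"]
    lockout = settings["Locked Account Duration"] * 60
    cycle = (attempts - 1) * delay + lockout  # seconds per lock cycle
    full_cycles, remainder = divmod(DAY, cycle)
    # Guesses that still fit in the partial cycle at the end of the day.
    tail = min(attempts, -(-remainder // delay))
    return full_cycles * attempts + tail


def delay_only_guesses_per_day(settings):
    """For comparison: the same 24 hours with the delay alone and no lockout."""
    return -(-DAY // settings["Password Check Delay"])


if __name__ == "__main__":
    print("defaults:", guesses_per_day(DEFAULTS), "guesses/day per account")
    print("delay only:", delay_only_guesses_per_day(DEFAULTS), "guesses/day")
```

Under this model the lockout settings, not the delay, account for most of the reduction, so lowering Maximum Login Attempts or raising Locked Account Duration has the larger effect.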
The last change, which cannot be edited, is the updated password requirements. When creating a new EWS user, or once an existing user's password needs to be changed, they will see the following screen listing the updated password requirements:
The new password requirements are:
* At least 12 characters.
* At least one uppercase letter.
* At least one lowercase letter.
* At least one number.
* At least one special character (#@!%$^*&()_+|~-=\`{}[]:;<>./)
* Cannot match one of your three most recent passwords.