This documentation supports the 21.3 version of Action Request System.

To view an earlier version, select the version from the Product version menu.

Enforcing a password policy introduction

AR System  ensures that passwords are always encrypted. An SHA-256 hash of passwords is stored in the database, ensuring that the system (and so the reader of the database) cannot retrieve passwords. In addition, you can enforce a password policy with the User Password Management Configuration form.

User Password Management Configuration form

The password management feature is preconfigured when you install Encryption Security , but it is not enabled. This section describes how to enable and use the feature.

With a password policy, you can:

  • Force all users or individual users to change their passwords when they use a browser
  • Enforce restrictions on passwords [Health Insurance Portability and Accountability Act (HIPAA) standards are shipped as the default restrictions.]
  • Set up password expiration with scheduled warnings
  • Disable an account after the expiration period
  • Enable users to change their passwords at will

If your system uses external authentication (through the Cross Ref Blank Password option), be careful if you enforce password policy with the User Password Management Configuration form. The policy should be enforced only for users whose passwords are stored in the User form. 

For information about the Cross-Reference Blank Password feature used with external authentication, see Cross-referencing blank passwords.

Was this page helpful? Yes No Submitting... Thank you