Security>>Security Settings>>Password Configuration
Access to HRplus is restricted through password control. Each user logs in with a user ID and password, which the application tracks. The strength and complexity of passwords are user-defined and affect the security level required for accessing HRplus.
Password Configuration Management: Set up, view, edit, and delete password configurations. This is the responsibility of the Database Administrator or Master User, who should:
Plan and align security measures with company policies and goals.
Implement policies to ensure all passwords are kept private.
Passwords should never be written down or shared.
Use random, non-common information (avoid using names, dates of birth, etc.).
Passwords should ideally contain at least one special character, one capital letter, one number, and be at least 8 characters long.
Capital letter required: Select Yes if the password is required to contain a minimum of 1 upper case letter (A-Z). Otherwise, select No.
Change Default Password: Select Yes if the user is required to change their default password.
Common Letter required: Select Yes if the password is required to contain a minimum of 1 lower case letter (a-z). Otherwise, select No.
Number required: Select Yes if the password is required to contain a minimum of 1 numeric character (0-9). Otherwise, select No.
Password Expiry Date:
If ‘Yes’ is selected, enter the number of days after which the Password will expire in the value field.
If ‘No’ is selected, then the password will not expire i.e. it can be used as long as an employee remains a valid user.
Password Expiry In-App Popup Notifications: Select Yes if a pop-up message is required to prompt the user, on logon, to change his/her password. The message is displayed based on the number of days in the Value field.
Password Expiry Reminder:
If ‘Yes’ is selected, enter the number of days in advance you wish the reminder to be sent to HRplus users in the value field. The reminder will be sent to the users’ email address.
If ‘Yes’ is selected and no value is entered then, by default, the reminder will be sent via email 5 days before the password expiry date.
If ‘No’ is selected, then no reminder will be sent to users. On the password expiry date, users will be prompted to enter a new password.
Password Length: Select Yes if the password must be a minimum of 8 characters in length (the default); it can be much longer. Otherwise, select No.
If ‘Yes’ is selected, then users will not be able to reuse (re-enter) old (passwords that have been used before) or existing passwords.
If ‘No’ is selected, then a user’s previous and current passwords can be reused any number of times.
Special Character Required: Select Yes if the password is required to contain a minimum of 1 special character, e.g. ~`!@#$%^&*()-_+={}[]|\;:"<>,./?. Otherwise, select No.
If ‘Yes’ is selected then:
Enter the number of minutes after which the Two factor Token will expire, if the user does not login within this time.
In addition to entering a password on the login screen, users will also be sent, via email, a PIN which must also be entered.
In the example below, 10 minutes is entered. The first time a user logs in with their username and password, they will be prompted to enter the PIN sent via email.
If the user does not enter this pin within 10 minutes from when it was sent, then a new pin will be required.
If the user logs in successfully and then logs out, if they decide to log back in within the 10 minute period after the pin was sent, then they will not be asked to enter a new pin.
If the user logs in successfully and then logs out, if they decide to log back in after the 10 minute period, then a new pin will be sent to their email address.
Once you have entered your chosen configuration options, click on the Submit button to save.
The HRplus app will be updated to always reflect the options that have been enabled (those for which Yes is selected).
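The composition and reuse options described above can be expressed as a single check. This is an added example, not HRplus code: the field names, the PBKDF2-based history store and the sample passwords are assumptions made for illustration; only the character classes, the 8-character default and the special-character list come from this page.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Special characters exactly as listed on this page.
SPECIALS = set("~`!@#$%^&*()-_+={}[]|\\;:\"<>,./?")

@dataclass
class PasswordConfig:
    """Hypothetical names; one field per Yes/No option described above."""
    capital_required: bool = True
    common_letter_required: bool = True
    number_required: bool = True
    special_required: bool = True
    min_length: int = 8          # 0 models "Password Length: No"
    block_reuse: bool = True

def hash_password(password, salt):
    # Salted, slow hash so the reuse history never holds plaintext
    # (an assumption; the page does not say how HRplus stores old passwords).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def new_entry(password):
    """Build one (salt, hash) history entry for a password that has been set."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

def violations(password, cfg, history=()):
    """Return the names of the rules the candidate breaks (empty list = accepted).
    history holds (salt, hash) pairs for the current and previous passwords."""
    checks = [
        ("length", len(password) < cfg.min_length),
        ("capital", cfg.capital_required and not any("A" <= c <= "Z" for c in password)),
        ("common_letter", cfg.common_letter_required and not any("a" <= c <= "z" for c in password)),
        ("number", cfg.number_required and not any("0" <= c <= "9" for c in password)),
        ("special", cfg.special_required and not any(c in SPECIALS for c in password)),
    ]
    found = [name for name, failed in checks if failed]
    # Reuse: re-hash the candidate under each stored salt and compare in constant time.
    if cfg.block_reuse and any(
        hmac.compare_digest(hash_password(password, salt), digest)
        for salt, digest in history
    ):
        found.append("reuse")
    return found
```

Returning every broken rule at once, rather than stopping at the first, lets the change-password form tell the user everything that needs fixing in one attempt.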
Two Step Verification (2SV) works by adding an additional layer of security to your HRplus Software accounts. It requires an additional login credential – beyond just the username and password – to gain account access. 2SV helps protect you by making it more difficult for someone else to sign in to your account. Even if someone else finds your password, they'll be stopped if they don't have access to your email info. This is also why it's important to use different passwords for all your accounts.
Cons vs. Pros
Cons:
Increased login time – Users must go through an extra step to log in to an application, adding time to the login process.
Pros:
Improved security – 2SV reinforces security by making it more difficult for intruders to gain unauthorized access, even if a perpetrator gets past the first authentication step.
Recommendations:
Email addresses used should be company email addresses.
Set up a short expiry time for the token to ensure that the token is required at every login.
Individual email addresses should be used instead of group email addresses. This is to ensure that only the specific user will receive the secret key.
Increased productivity & flexibility – enables businesses and public institutions to be more productive and efficient, allowing employees to perform remote tasks with far less security concerns.
Two Step Verification can be turned on via Security>>Password Config; however, there are a few prerequisites which must be completed prior to turning on 2SV.
Step 1: Ensure email server is setup
Step 2: Users are required to have an email address associated with their User ID
Step 3: Toggle 2SV On
Navigation: System Configurations>>Company Parameters>> System Constants>>Mail Server
The following connection details can be used to configure the email server.
If you have your own mail server information complete the form below and save the record with the saved icon.
If you are required to use our mail server settings, please contact us at helpdesk@hrplus.net.
After the configuration is complete, it is important to test that the users can receive emails. Enter an email address in the section "Test Email Address" and select the option "Send Test Email". You will get a prompt indicating that an email was successfully sent. Check your inbox to confirm that the test email was received.
Navigation: Security>>User Administration>>Search for User ID
Ensure that all employees have a valid email address.
Add or edit the email address if it is missing.
The user email address is extremely important, as turning 2SV on will prompt a PIN to be sent to the user’s email address. Failing to include the user’s email address will lock the user out of the application, as there will be no way for the user to receive the PIN.
Navigation: Security>>Password Config>>Two Factor Authentication
The System Admin is the only user with access to the Security Module and they are responsible for turning 2SV on. To do so, the ‘yes’ toggle must be selected, then submit the form to save the changes. The value can also be changed to the number of minutes a user will be able to log back into the application without requiring a PIN.
For additional information on how to log in using this feature, please consult the article How to Login Using 2 Factor Authentication?
You can turn off this option by simply selecting the option "No" in the configuration.
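The token expiry value described above also acts as a window in which a repeat login needs only the password, which is why the recommendations call for a short value. The model below is an added example, not HRplus code; the class and function names, the 6-digit PIN format and the timestamps are assumptions.

```python
import hmac
import secrets
from datetime import datetime, timedelta

class TwoStepWindow:
    """Per-user 2SV state: the current PIN, when it was sent, whether it was verified."""

    def __init__(self, token_minutes):
        self.window = timedelta(minutes=token_minutes)
        self.pin, self.sent_at, self.verified = None, None, False

    def _pin_valid(self, now):
        return self.sent_at is not None and now - self.sent_at <= self.window

    def password_accepted(self, now):
        """Call after username/password succeed; returns the next step."""
        if not self._pin_valid(now):
            # No PIN yet, or the window has passed: issue a new one (emailed in the real flow).
            self.pin = f"{secrets.randbelow(10**6):06d}"   # PIN format is an assumption
            self.sent_at, self.verified = now, False
            return "pin_sent"
        # Inside the window: a PIN that was already verified is not asked for again.
        return "logged_in" if self.verified else "pin_pending"

    def submit_pin(self, pin, now):
        if not self._pin_valid(now):
            return "expired"            # the user must log in again to get a new PIN
        if hmac.compare_digest(pin.encode(), self.pin.encode()):
            self.verified = True
            return "logged_in"
        return "wrong_pin"

def pin_prompts(token_minutes, login_minutes):
    """For logins at the given minute offsets (constructed input), return whether
    each one required a PIN, assuming the user enters each PIN correctly at once."""
    start = datetime(2024, 1, 1, 9, 0)   # constructed timestamp
    state, prompted = TwoStepWindow(token_minutes), []
    for minute in login_minutes:
        now = start + timedelta(minutes=minute)
        step = state.password_accepted(now)
        if step != "logged_in":
            state.submit_pin(state.pin, now)
        prompted.append(step != "logged_in")
    return prompted
```

With the page's 10-minute value, logins at minutes 0, 5 and 12 prompt for a PIN on the first and third only; with a 1-minute value all three prompt.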
Security>>Security Setting>>Password Config>>Password Expiry In-App Popup Notification/Password Expiry Reminder
The following two (2) features allow users to enable/disable password expiry notifications:
Password Expiry In-App Popup Notifications (Days in Advance): once enabled, this feature triggers a pop-up message that prompts the user, on logon, to change his/her password. The message is displayed based on the number of days in the Value field.
Password Expiry Reminder: when enabled, reminders (up to 3) are sent to alert users of impending password expiry. The reminders are sent, in advance, based on the number of days in the Value field. Up to three (3) reminders can be set up, with the values (days in advance) entered in the Second Reminder and Third Reminder fields.
Value: Number of days in advance for the password reset notification prompt.
Second Reminder: Number of days in advance for the second password reset notification prompt.
Third Reminder: Number of days in advance for the third password reset notification prompt.
Enabled: Select "Yes" if the Password Expiry feature is to be used. Select "No" if this feature is not being used.
Home
Home>>Notifications
User Email Account>>Password Expiration Notification