Security (Settings)



Security Settings

Security>>Security Settings>>Password Configuration

How to set up Password Configurations



Password Configuration

Access to HRplus is restricted through password control. Each user logs in with a user ID and password, which the application tracks. The strength and complexity of passwords are user-defined and affect the security level required for accessing HRplus.

Password Configuration Management: Set up, view, edit, and delete password configurations. This is the responsibility of the Database Administrator or Master User, who should:

  • Plan and align security measures with company policies and goals.

  • Implement policies to ensure all passwords are kept private.

    Best Practices for Password Security:

  • Passwords should never be written down or shared.

  • Use random, non-common information (avoid using names, dates of birth, etc.).

  • Passwords should ideally contain at least one special character, one capital letter, one number, and be at least 8 characters long.


    Capital letter required: Select Yes if the password is required to contain a minimum of 1 upper case letter (A-Z). Otherwise, select No.

    Change Default Password: Select Yes if the user is required to change their default password.

    Common Letter required: Select Yes if the password is required to contain a minimum of 1 lower case letter (a-z). Otherwise, select No.

    Number required: Select Yes if the password is required to contain a minimum of 1 numeric character (0-9). Otherwise, select No.

    Password Expiry Date:

    • If ‘Yes’ is selected, enter the number of days after which the Password will expire in the value field.

    • If ‘No’ is selected, then the password will not expire, i.e. it can be used as long as an employee remains a valid user.

    Password Expiry In-App Popup Notifications: Select Yes if a pop-up message is required to prompt the user, on logon, to change his/her password. The message is displayed based on the number of days in the Value field.

    Password Expiry Reminder:

    • If ‘Yes’ is selected, enter the number of days in advance you wish the reminder to be sent to HRplus users in the value field. The reminder will be sent to the users’ email address.

    • If ‘Yes’ is selected and no value is entered then, by default, the reminder will be sent via email 5 days before the password expiry date.

    • If ‘No’ is selected, then no reminder will be sent to users. On the password expiry date, users will be prompted to enter a new password.

      Password Length: Select Yes if the password must be, by default, at least 8 characters in length (it can be much longer). Otherwise, select No.

      Password Reuse:

    • If ‘Yes’ is selected, then users will not be able to reuse (re-enter) old passwords (those that have been used before) or existing passwords.

    • If ‘No’ is selected, then a user’s previous and current passwords can be reused any number of times.

      Special Character Required: Select Yes if the password is required to contain a minimum of 1 special character, e.g. ~`!@#$%^&*()-_+={}[]|\;:"<>,./?. Otherwise, select No.

      Two Step Verification:

    • If ‘Yes’ is selected then:

      • Enter the number of minutes after which the Two factor Token will expire, if the user does not login within this time.

      • In addition to entering a password on the login screen, users will also be sent, via email, a PIN which must also be entered.

        In the example below, 10 minutes is entered. The first time a user logs in with their username and password, they will be prompted to enter the PIN sent via email.

    • If the user does not enter this PIN within 10 minutes from when it was sent, then a new PIN will be required.

    • If the user logs in successfully and then logs out, and they decide to log back in within the 10-minute period after the PIN was sent, then they will not be asked to enter a new PIN.

    • If the user logs in successfully and then logs out, and they decide to log back in after the 10-minute period, then a new PIN will be sent to their email address.

Once you have entered your chosen configuration options, click on the Submit button to save.

The HRplus app will be updated to always reflect the options that have been enabled (those for which Yes is selected).
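
The Yes/No options above, modelled as a checker that reports which enabled rules a candidate password fails. This is an added example, not HRplus code: the class and field names are hypothetical, and the salted PBKDF2 history used for the Password Reuse check is an assumption about one way to compare old passwords without keeping them in plaintext.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Special characters exactly as listed under "Special Character Required".
SPECIAL = set("~`!@#$%^&*()-_+={}[]|\\;:\"<>,./?")

@dataclass
class PasswordConfig:
    """Hypothetical model of the Yes/No options; field names are assumptions."""
    capital_required: bool = True
    common_letter_required: bool = True   # lower case letter (a-z)
    number_required: bool = True
    special_required: bool = True
    length_required: bool = True          # 8 characters by default
    block_reuse: bool = True              # "Password Reuse" set to Yes
    min_length: int = 8

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(password):
    """Return (salt, digest) for the history list; no plaintext is kept."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def violations(password, cfg, history=()):
    """Return the name of every enabled rule the candidate password fails."""
    failed = []
    if cfg.length_required and len(password) < cfg.min_length:
        failed.append("length")
    if cfg.capital_required and not any("A" <= c <= "Z" for c in password):
        failed.append("capital")
    if cfg.common_letter_required and not any("a" <= c <= "z" for c in password):
        failed.append("common_letter")
    if cfg.number_required and not any("0" <= c <= "9" for c in password):
        failed.append("number")
    if cfg.special_required and not any(c in SPECIAL for c in password):
        failed.append("special")
    if cfg.block_reuse and any(
        hmac.compare_digest(_digest(password, salt), digest)
        for salt, digest in history
    ):
        failed.append("reuse")
    return failed
```

Running a few sample passwords through `violations` before changing an option shows which users' password habits the new setting will start rejecting.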


Two Factor Authentication Example



Email Message with PIN for Login to HRplus


Two-Step Verification


What is Two-Step Verification?


Two Step Verification (2SV) works by adding an additional layer of security to your HRplus Software accounts. It requires an additional login credential – beyond just the username and password – to gain account access. 2SV helps protect you by making it more difficult for someone else to sign in to your account. Even if someone else finds your password, they'll be stopped if they don't have access to your email info. This is also why it's important to use different passwords for all your accounts.

Cons vs. Pros

Cons:

Increased login time – Users must go through an extra step to log in to an application, adding time to the login process.

Pros:

Improved security – 2SV reinforces security by making it more difficult for intruders to gain unauthorized access, even if a perpetrator gets past the first authentication step.

Increased productivity & flexibility – enables businesses and public institutions to be more productive and efficient, allowing employees to perform remote tasks with far fewer security concerns.

Recommendations:

  1. Email addresses used should be company email addresses.

  2. Set up a short expiry time for the token to ensure that the token is required at every login.

  3. Individual email addresses should be used instead of group email addresses. This is to ensure that only the specific user will receive the secret key.
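
The token expiry value also sets how long a verified user can log back in with the password alone, which is why a short value is recommended. The model below is an added example, not HRplus code: the class and method names are hypothetical, and it assumes the window is measured from when the PIN was sent and closes strictly at the configured number of minutes.

```python
from datetime import datetime, timedelta

class TwoStepWindow:
    """Hypothetical model of the Two Step Verification expiry value."""

    def __init__(self, expiry_minutes):
        self.expiry = timedelta(minutes=expiry_minutes)
        self.sent_at = None      # when the current PIN was emailed
        self.verified = False    # whether that PIN has been entered

    def _live(self, now):
        return self.sent_at is not None and now - self.sent_at < self.expiry

    def login(self, now):
        """Password accepted at `now`; decide what the second step requires."""
        if self.verified and self._live(now):
            return "no_pin_needed"           # re-login inside the window
        self.sent_at, self.verified = now, False
        return "new_pin_sent"

    def submit_pin(self, now, correct=True):
        """User enters the emailed PIN at `now`."""
        if not self._live(now):
            return "expired_new_pin_required"
        if not correct:
            return "rejected"
        self.verified = True
        return "accepted"

def relogin_outcome(expiry_minutes, relogin_after_minutes):
    """Outcome of logging out and back in N minutes after the PIN was sent."""
    t0 = datetime(2024, 1, 1, 9, 0)          # constructed timestamp
    session = TwoStepWindow(expiry_minutes)
    session.login(t0)
    session.submit_pin(t0 + timedelta(minutes=1))
    return session.login(t0 + timedelta(minutes=relogin_after_minutes))
```

With the value at 10, `relogin_outcome(10, 8)` needs no PIN, while `relogin_outcome(2, 8)` sends a new one.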



How to Set Up 2SV in HRplus?



Two Step Verification can be turned on via Security>>Password Config. However, there are a few prerequisites which must be completed prior to turning on 2SV.

Step 1: Ensure email server is set up

Step 2: Users are required to have an email address associated with their User ID

Step 3: Toggle 2SV On


Step 1: Ensure email server is set up


Navigation: System Configurations>>Company Parameters>> System Constants>>Mail Server

The following connection details can be used to configure the email server.

If you have your own mail server information, complete the form below and save the record with the save icon.

If you are required to use our mail server settings, please contact us at helpdesk@hrplus.net.





After the configuration is complete, it is important to test that the users can receive emails. Enter an email address in the section "Test Email Address" and select the option "Send Test Email". You will get a prompt indicating that an email was successfully sent. Check your inbox to confirm that the test email was received.

Step 2: Users are required to have an email address associated with their User ID

Navigation: Security>>User Administration>>Search for User ID




Ensure that all employees have a valid email address.

Add or edit the email address if it is missing.




The user email address is extremely important as turning 2SV on will prompt a PIN to be sent to the user’s email address. Failing to include the user’s email address will lock the user out of the application as there will be no way for the user to receive the PIN.

Step 3: Toggle 2SV On

Navigation: Security>>Password Config>>Two Factor Authentication




The System Admin is the only user with access to the Security Module and they are responsible for turning 2SV on. To do so, the ‘yes’ toggle must be selected, then submit the form to save the changes. The value can also be changed to the number of minutes a user will be able to log back into the application without requiring a PIN.


Turn off 2SV

You can turn off this option by simply selecting the option "No" in the configuration.

For additional information on how to log in using this feature, please consult the article How to Login Using 2 Factor Authentication?



Security>>Security Setting>>Password Config>>Password Expiry In-App Popup Notification/Password Expiry Reminder

How to enable/disable password expiry notifications?




The following two (2) features allow users to enable/disable password expiry notifications:

  1. Password Expiry In-App Popup Notifications (Days in Advance): once enabled, this feature triggers a pop-up message that prompts the user, on logon, to change his/her password. The message is displayed based on the number of days in the Value field.

  2. Password Expiry Reminder: when enabled, reminders (up to 3) are sent to alert users of impending password expiry. The reminders are sent, in advance, based on the number of days in the Value field. Up to three (3) reminders can be set up, with the values (days in advance) entered in the Second Reminder and Third Reminder fields.


Step 1: Enable/Disable password expiry notifications

Value: Number of days in advance for the password reset notification prompt.

Second Reminder: Number of days in advance for the second password reset notification prompt.

Third Reminder: Number of days in advance for the third password reset notification prompt.

Enabled: Select "Yes" if the Password Expiry feature is to be used. Select "No" if this feature is not being used.


Step 2: Login as user and View Reminders


Home

Password Reminder Notice 1




Home>>Notifications

Password Reminder Notice 2




User Email Account>>Password Expiration Notification

Password Reminder Notice 3



