OneSpan Sign Admin: Password Policy – Part 1

Duo Liang

Security is always at the heart of OneSpan Sign’s business. Whether you are an admin user, a transaction sender, or a contract recipient, OneSpan Sign has made a tremendous effort to make your e-signature experience more secure.

In this blog, we will dive into a new feature called “Password policy for account”, which gives admin users the ability to design more secure and sophisticated password policies for senders within the organization.

Password Policy

This feature was introduced in the 11.30 release, which integrated a number of security settings regarding the password policy for enterprise users.

If you log onto the new sender UI as the account owner, the admin-related information is now listed under a separate “Admin” menu tab. From there, you will be able to manage the account users, set up application settings, and check your account plan. All the password policies are available on the “Security Settings” page.

Note: The security settings are now available in the dropdown list. The capability to disable options will be available in an upcoming release.

Below, we will break down the page into different policy rules and explain each in turn.

Rule 1: Specify the Minimum Number of Days Before a Password Can Be Changed

This rule prevents your sender users from changing their password too frequently. Senders can check the earliest time they can change the password from their own account portal.

Note:
1. This rule only restricts password changes from the sender’s portal. Senders can still request password recovery through email when necessary.
2. The possible values are integers between 0 (default) and 365.
3. Specifying 0 days in this setting will remove the restriction.

Rule 2: Specify the Number of Passwords the System Will Store in History


During a password reset, senders cannot reuse a previous password stored in the history.

Note:
1. This rule takes effect both in the sender’s portal and on the page accessed from the password reset email.
2. The possible values are integers between 0 and 30.
3. Specifying 0 passwords in this setting will remove the restriction.


Rule 3: Specify the Days Until Password Expires


You can now set the maximum password age and force your account users to change their password before it expires, in order to reduce the possibility that the password could be compromised.

Note:
1. The possible values are integers between 0 and 365.
2. Specifying 0 days means the password will never expire.

Optionally, you can select whether to notify your users of the upcoming password expiry by email. This uses a new email template added to the OneSpan Sign system.

As with package reminders, you can set the initial notification date and how many times you want to repeat the reminder.
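
To make the interaction between the three rules concrete, the following Python is an added example that models them; it is not OneSpan Sign code and does not use its API. The class and function names, the PBKDF2 storage of history entries, and counting the current password as part of the history are assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Policy:                   # hypothetical model of the three settings
    min_age_days: int = 0       # Rule 1: 0-365, 0 removes the restriction
    history_size: int = 0       # Rule 2: 0-30, 0 removes the restriction
    max_age_days: int = 0       # Rule 3: 0-365, 0 means never expires

    def __post_init__(self):
        limits = {"min_age_days": 365, "history_size": 30, "max_age_days": 365}
        for name, hi in limits.items():
            value = getattr(self, name)
            if not isinstance(value, int) or not 0 <= value <= hi:
                raise ValueError(f"{name} must be an integer between 0 and {hi}")

@dataclass
class Account:
    changed_at: datetime
    history: list = field(default_factory=list)   # (salt, digest), newest last

def _digest(password, salt):
    # Assumption: history entries are salted PBKDF2 digests, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_change(policy, acct, new_password, now, via_reset_email=False):
    """Return None if the change is allowed, otherwise the refusal reason."""
    # Rule 1 applies to portal changes only; email recovery bypasses it.
    if policy.min_age_days and not via_reset_email:
        earliest = acct.changed_at + timedelta(days=policy.min_age_days)
        if now < earliest:
            return f"too soon: earliest change is {earliest:%Y-%m-%d}"
    # Rule 2 applies on both paths.
    recent = acct.history[-policy.history_size:] if policy.history_size else []
    for salt, digest in recent:
        if hmac.compare_digest(_digest(new_password, salt), digest):
            return "reused: matches a password stored in the history"
    return None

def apply_change(policy, acct, new_password, now):
    salt = os.urandom(16)
    acct.history.append((salt, _digest(new_password, salt)))
    acct.history = acct.history[-max(policy.history_size, 1):]
    acct.changed_at = now

def is_expired(policy, acct, now):
    # Rule 3: expiry is measured from the last password change.
    return policy.max_age_days > 0 and now >= acct.changed_at + timedelta(days=policy.max_age_days)
```

Because the email recovery path skips Rule 1 but not Rule 2, a sender cannot use repeated resets to cycle back to an old password as long as the history size is non-zero.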

Time to Get Started

This should provide you with enough information to get started using the Password Policy feature. In our next blog, we will introduce the rest of the password policies, then review all the APIs related to the password and the password policy to help developers integrate with this functionality.

If you have any questions regarding this blog or anything else concerning integrating OneSpan Sign into your application, visit the Developer Community Forums. Your feedback matters to us!

Duo Liang is a Technical Evangelist and Partner Integrations Developer at OneSpan where he creates and maintains integration guides and code shares, helps customers and partners integrate OneSpan products into their applications, and builds integrations within third party platforms.