OpperartionsCommander can be configured with various levels of security.
- To edit security settings, go into the System Config menu and click on System Settings.
2. Once in System Settings, click on Security in the list of settings.
3. The Manage System Settings window will open:
4. Stored in the system are all the usernames and passwords your employees use to log into your parking management software. If someone were to access that data, he or she would have access to everyone’s login credentials.
More and more, systems are using salted password hashing to add an extra layer of security to storing passwords.
Hashing is a one-way, irreversible process that takes the password a user enters and converts it into a short value hash that remains in the system.
For example, if a user enters their password as F23n$gh7, the hashing process might convert it into a four-digit number like 4792 and store that in the system.
If by coincidence, another user chooses the same password, with only hashing in place, the same 4792 would remain in the system for the second user. That brings in the salting process, which will randomize the string of digits for the hash so that even if two users have the same password, they will have different hash strings. It is not possible to reverse a hash, so you cannot “look up” what the original password was. Instead, a user who forgets their password, for example, would have to reset it completely.
Why is this important? For many reasons. If a hacker accesses the username and password portion of your system, the process of deciphering salted password hashes would be almost impossible. This also limits an administrator’s ability to view the passwords of employees, which can also be a security vulnerability.
a. If you have made changes to the rules for passwords or (added encryption as an example, ) this setting when activated, will force users to change their passwords in order to apply the new rule, when activated.
b. By default passwords do not expire, however you may opt for added security, to have passwords expire on a schedule. In our example we have set the password to expire every 90 days.
c. When toggled on, Enable Password History will remember the passwords you have used in the past, and will not allow repeat use of the password for a set period of time.
d. How long to remember old passwords sets the length of time previous passwords are kept in history.
- Minimum number of Numerical Characters required in the password
- Minimum number of Lower Case Characters required in the password
- Minimum number of Upper Case Characters required in the password
- Minimum number of Non-Alphanumeric Characters required in the password (Special characters such as !,&,#, etc)
5. Admins can opt to set up additional security settings that can lock the user out of the system if an incorrect password is entered repeatedly with in within a specific time frame.
The settings below for example, would lock the Admin out of their account for 2 hours (120 Minutes), if three failed attempts to log in occurred during a five minute period.