Depending on your company’s requirements, Focus allows you to prescribe, in detail, how your passwords are managed. This includes how secure the passwords are (eg. length, composition), how often they need changing and how employees are informed of any necessary changes.
The Password Policy that you set is Focus-wide and so affects everyone who attempts to log in, from Administrators and other Focus Users to employees who have access to the Self Service App.
This guide will look at:
Password minimum length
Passwords need to be at least this length, up to a maximum of 24 characters. The minimum this can be set to is 6.
In our example, the password must be between 6-24 characters.
Minimum numeric characters
Passwords must contain at least this amount of numbers.
In our example, a password must contain at least 1 number.
Minimum upper case characters
Passwords must contain at least this amount of upper case letters.
In our example, a password must contain at least 1 upper case letter.
Minimum lower case characters
Passwords must contain at least this amount of lower case letters.
In our example, a password must contain at least 1 lower case letter.
Minimum non alpha-numeric characters
Passwords must contain at least this amount of characters that are not numbers or letters. In our example, a password must contain at least 1 non alpha-numeric character (eg. £ ! ?).
Whenever you set a new password for an employee in their Employee Form, if any of the above requirements are not met, an error message will inform you of your mistake.
Likewise, when an employee attempts to change their password (ie. in the Self Service App) and any of the requirements are not met, they will also receive a similar error message.
Password changes before allowing re-use
The number of completely different passwords that must be used before being able to use the same password again. In our example, the same password can’t be used again until 10 completely different ones have been used.
Expire first time passwords after x days
The initial password that is created in Focus will expire after this period if the employee or Focus User does not attempt to login and change their password (eg. the initial password will expire after 7 days).
Note - when an employee or Focus User logs in for the first time they are automatically required to change their password.
Expire all passwords after x days
Any new password that an employee or Focus User creates will expire after this period (eg. passwords will expire after 365 days so will require changing).
Warn x days before password expires
When logging in, the employee or Focus User will receive a warning message that their password is due to expire (eg. warnings are sent 7 days before passwords are due to expire).
Force password change within x days of expiry
On login, the employee or Focus User will be forced to change their password before their current password is due to expire. This is an additional safety feature, designed to prevent them being locked out of Focus should their password expire (eg. forced password changes required 3 days before the 365 day expiry period is reached).
The example below shows the minimum password policy that can be set. This simply allows passwords of 6-24 characters in length with no other limitations. Passwords will not expire and employees and Focus Users will only be prompted to change their password on their very first login.
Turning on Two Factor Authentication will add an extra layer of security to User logins, requiring a six-digit code to be entered alongside the username and password. This does not affect Self Service logins.
Learn how to quickly turn on Two Factor Authentication, adding an extra level of security to your login process.
Employee templates are a great way to get new team members set up quickly in Focus.
When you create Users in Focus, you have a huge amount of control over which parts of the program they have access to, and what they can do with their access.