In System Properties found in VTA Utilities, the primary system administrator has the ability to configure password security settings for VTA Backoffice. These settings are system settings, not site settings. As such, they will apply across All VTA Backoffice users in a multi-site configuration.
1) Lockout User After X failed logon attempts
This setting will cause a VTA Backoffice user’s account to become locked after a specified number of logon attempts. This setting is used to prevent a hacker from having unlimited tries at discovering a VTA Backoffice user’s password.
When the account is locked, the user will not be permitted to logon to VTA Backoffice, even using the correct password.
2) Reset Locked Accounts After X minutes
This field only becomes enabled if the previous setting is > 0, meaning that the system is automatically locking accounts after a specified number of failed logon attempts. It is used to control how long an account will remain locked and therefore prevent the user from attempting to access VTA Backoffice.
Once the specified number of minutes since the last failed logon attempt has elapsed, the account will be unlocked automatically and the user will be permitted to attempt to logon once again. You can also set this value to -1, in order to prevent the account from being unlocked automatically. This will require the user to contact a system administrator to unlock the account manually.
3) Password Expires After X days
This setting will force the VTA Backoffice user to change his/her password on a regular basis.
4) Password May Equal Login ID
This setting is controlled by a checkbox. Checked means that the Password can be the same as the Login ID. Unchecked means that the Password cannot be the same as the Login ID. By default, this setting is unchecked and it is the recommendation of RISC that you do not allow the Password to be the same as the Login ID.
5) Password May Be Mixed Case
This setting controls if mixed case (upper and lower) are stored in the password. If checked, mixed case is stored. If unchecked, the password is stored in uppercase.