Security

Set the system-idle lock and password policies for individual databases to ensure that the passwords of authorized users are sufficiently strong and that users change their passwords as often as deemed necessary by your organization.
Tip: PLA 3.0 allows you to use directory services based on LDAPS, such as Microsoft Active Directory Domain Services, to handle user authentication. Active Directory allows you to enforce greater password complexity and prevent user names from being employed as passwords. For more information, see the Directory service topic.

System section

The following items are available:
Item Description

Idle lock interval [min]

The system automatically locks for users who have stopped interacting with it for the number of minutes you specify. Users who are locked out have to re-enter their password.

Tip: Enter 0 (zero) to deactivate this option.

Support requests

Specifies whether users can send support requests.

Available options:
  • Activated: Users can send requests.
  • Activated (without documents): Users can send requests but cannot attach documents to their requests.
  • Deactivated: Users cannot send requests.

Sending feedback

Specifies whether users can send feedback.

Available options:
  • Activated: Users can send feedback.
  • Activated (without documents): Users can send feedback but cannot attach documents to their feedback.
  • Deactivated: Users cannot send feedback.

Password section

Note: The password policy settings are primarily intended for file-based SQLite databases that do not provide their own access control beyond the file system permissions of the database files. We recommend Microsoft SQL Server databases for production purposes and simultaneous access in multi-user environments. For an example of password settings, see the Confidentiality topic.
The following items are available:
Item Description Notes

Minimum length

The system accepts only passwords that have at least the number of characters you specify.

The number you enter for Minimum length cannot be greater than Maximum length.

Minimum number of special characters

The system accepts only passwords that contain at least the number of special characters you specify. Special characters are characters that are neither letters nor numbers, such as @, #, !, ", %, &, (, ), *, +.

The number you enter for Minimum number of special characters cannot be greater than Maximum length.

Maximum length

The system accepts only passwords that have at most the number of characters you specify.

The number you enter for Maximum length cannot be less than Minimum length.

Maximum age [d]

The system accepts passwords that are not older than the number of days you specify. Users have to change their password when it has reached Maximum age. Enter 0 to deactivate this option.

The number you enter for Maximum age cannot be less than Minimum age.

Tip: Current regulations, such as 21 CFR 11.300(b) in the pharmaceutical industry, require you to implement policies regarding password aging.

Warning age [d]

Prompts users to change passwords that are older than the number of days you specify. Enter 0 to deactivate this option.

Minimum age [d]

Allows users to change passwords that are at least as old as the number of days you specify. Enter 0 to deactivate this option.

The number you enter for Minimum age cannot be greater than Maximum age.

Tip: Enable this option in conjunction with a password history policy (see History length option below) to effectively discourage users from reusing old passwords.

Maximum age blocks account

Locks user accounts whose password has reached Maximum age. An administrator has to access PLA 3.0 and unlock user accounts whose password has reached Maximum age.

If you deactivate this option, users still have to change their password when it has reached Maximum age, but no unlock action by an administrator (see System > Account management > Users > Unlock now) is required.

Important: If you enable this option and the password of the Administrator account reaches Maximum age, the administrator is locked out of the system.

Maximum failures

Locks user accounts that have reached the number of consecutive failed logins you specify.

Failure grace interval [min]

Locks user accounts for the number of minutes you specify when they have reached Maximum failures. Enter 0 to keep accounts locked until an administrator unlocks them manually.

History length

Specifies the number of consecutive unique passwords saved for individual user accounts. Determines how often users have to change their password before they can reuse previous passwords of the same account.

Enter 0 to keep all previous passwords and prevent passwords from being used ever again for the same account.

Tip: Enable this option in conjunction with a password minimum age (see the Minimum age option) to effectively discourage users from reusing old passwords.

List of invalid passwords

Prevents the character strings listed from being used as passwords. Select Edit to open the Manage invalid passwords dialog, where you can edit the Invalid passwords list.

This feature is case-sensitive. If you add the character string password to the list, you do not prevent users from using Password.
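
The tips under Minimum age and History length say the two options are effective only in combination, and the invalid passwords list matches case-sensitively. The following Python sketch is an added example, not PLA 3.0 code: it models the rules described above and simulates a user cycling throwaway passwords to get an old one back. The class, field and function names are hypothetical; it assumes the history includes the current password and that the age comparison is skipped when Maximum age is 0.

```python
from dataclasses import dataclass, field

@dataclass
class PasswordPolicy:                 # hypothetical model; fields mirror the items above
    min_length: int = 8
    min_special: int = 1
    max_length: int = 64
    min_age_d: int = 0                # 0 = deactivated
    max_age_d: int = 90               # 0 = deactivated
    history_length: int = 3           # 0 = remember every previous password
    invalid: set = field(default_factory=set)

    def config_errors(self):
        """Violations of the cross-field constraints given in the Notes column."""
        checks = [
            (self.min_length > self.max_length, "Minimum length > Maximum length"),
            (self.min_special > self.max_length,
             "Minimum number of special characters > Maximum length"),
            # Assumption: skipped when Maximum age is 0 (deactivated).
            (self.max_age_d and self.min_age_d > self.max_age_d, "Minimum age > Maximum age"),
        ]
        return [msg for bad, msg in checks if bad]

    def rejects(self, new, history, age_d):
        """Reasons a change to `new` is refused; `age_d` is the current password's age."""
        why = []
        if not self.min_length <= len(new) <= self.max_length:
            why.append("length")
        if sum(not c.isalnum() for c in new) < self.min_special:
            why.append("special characters")
        if new in self.invalid:       # exact, case-sensitive match
            why.append("invalid list")
        # Plaintext history keeps the model short; real systems compare password hashes.
        if new in (history[-self.history_length:] if self.history_length else history):
            why.append("history")
        if age_d < self.min_age_d:
            why.append("minimum age")
        return why

def days_until_reuse(policy, old, horizon_d=365):
    """Day on which a user cycling throwaway passwords gets `old` accepted again."""
    history, changed_on = [old], -policy.min_age_d   # `old` is changeable on day 0
    for day in range(horizon_d):
        for _ in range(policy.history_length + 2):   # changes attempted per day
            if history[-1] != old and not policy.rejects(old, history, day - changed_on):
                return day
            throwaway = f"Thr0w!away-{len(history)}"  # constructed sample value
            if policy.rejects(throwaway, history, day - changed_on):
                break
            history, changed_on = history + [throwaway], day
    return None                                      # not reusable within the horizon
```

With History length 3 and Minimum age 0 the old password is back in use on the same day; a Minimum age of 30 days pushes that to day 90, and History length 0 prevents it altogether.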