Path: Profile >> Security >> Security Policies

Security policies specify the active time period of various email links like password reset or verification link as well as session timeout, failed login attempts, etc. Security policies are specified on the Community level or account level by the community administrator. For the participants to know these for each of the communities they are participating in, these details have been added under the Profile.

Please note: The max enforced policy will show up in the policy settings along with the community it is applied to.

Following security policy is shown for logged in person in security policies section:

1. Password Policy: It shows minimum required password strength as per policy
2. Global Session Timeout: It shows the minutes after which your logged-in session will expire.
3. Email Verification Link Expire Time: It shows the minutes after which 2FA authentication will expire (User will still be verified but will not be taken within the community)
4. Member Passwordless Authorization Expire Time: It shows the minutes after which passwordless authorization will expire.
5. Email Claim Link Expire Time: Shows the minutes after which link within Claim email will expire to claim the email address.
6. Rank Assessment Link Expire Time: Shows the minutes after which link within Assessment email will expire.
7. Rank Reviewscale Link Expire Time: Shows the minutes after which link within Reviewscale email will expire.
8. Resource Download Link Expire Time: Shows the minutes after which the resources download link will expire.
9. Member Approve Link Expire Time: Shows the minutes after which link for Approve member within new member approval email will expire.
10. Member Reject Link Expire Time: Shows the minutes after which link for Reject member within new member approval email will expire.
11. Member Profile Link Expire Time: Shows the minutes after which link to view a member profile will expire.
12. Idea View Link Expire Time: Shows the minutes after which link to view the idea view will expire.
13. Idea Approve Link Expire Time: Shows the minutes after which link for Approve idea within new idea approval email will expire.
14. Idea Reject Link Expire Time: Shows the minutes after which link for Reject idea within new idea approval email will expire.
15. Idea Pending Auth Link Expire Time
16. Conversation View Link Expire Time
17. Identity Verification Link Expire Time: Shows the minutes after which the link within Verification email will expire.
18. Password Reset Link Expire Time: Shows the minutes after which the link within Password reset email will expire.
19. Password Reuse Limit: Shows the number of times a password can be reused to login.
20. Remember Me: If this is enabled, your browser will remember your cookies and keep you logged in next time you visit.
21. Maximum number failed login attempts before locked down: Number of failed login attempts after which the account is locked.
22. Maximum number failed login attempt within
23. Locked down period after maximum number failed login attempt: It shows the minutes you have to wait to try again after max failed login attempts.
24. Maximum number failed claim attempt before locked down: Maximum times a user will be allowed to have failed claim attempts after which the account will be locked.
25. Maximum number failed claim attempt within: Shows the number of failed email claim attempts allowed at a time.
26. Locked down period after maximum number failed claim attempt: Shows the minutes after which user will be allowed to login after being locked for multiple failed login attempts.
27. Locked user login prompt duration: Shows the minutes after which user will be prompted to login after being locked for multiple failed ogin attempts.
28. Maximum allowed inactive days: Shows the maximum number of inactivity days allowed for a member.
29. Maximum forced password reset period: Shows the days after which the user will be asked to reset the password.
30. Maximum (in days) once a password can be changed: Shows the days after which a password can be changed again.
31. Allow concurrent Login: Shows communities which has concurrent login enabled. When this setting is enabled users cannot log in to multiple browsers at the same time with the same credentials.
32. Enable Two Step Authentication: Shows communities that have two-step authentication enabled.
33. Device Trust Period: Will be shown if Enable Two-Step Authentication is Enable
34. Enable Two Step Authentication by Email: Will be shown if this setting is enabled from DefaultSecurityPolicy
35.Enable Two Step Authentication by SMS: Will be shown if this setting is enabled from DefaultSecurityPolicy
36. Enable Two Step Authentication by Authenticator App: Will be shown if this setting is enabled from DefaultSecurityPolicy
37. Allow Auto-Login for Actions by Email Token
38. Maximum size of a profile image file in MB: This shows the maximum MB size of the profile image allowed.
39. Maximum number failed Two Factor Authentication attempt before locked down
40. Maximum number failed Two Factor Authentication attempt within
41. Locked down period after maximum number failed Two Factor Authentication login attempt

Did this answer your question?