Path: Profile >> Security >> Security Policies
Security policies specify the active time period of various email links like password reset or verification link as well as session timeout, failed login attempts, etc. Security policies are specified on the Community level or account level by the community administrator. For the participants to know these for each of the communities they are participating in, these details have been added under the Profile.
Please note: The max enforced policy will show up in the policy settings along with the community it is applied to.
Following security policy is shown for logged in person in security policies section:
1. Password Policy: It shows minimum required password strength as per policy
2. Global Session Timeout: It shows the minutes after which your logged-in session will expire.
3. Email Verification Link Expire Time: It shows the minutes after which 2FA authentication will expire (User will still be verified but will not be taken within the community)
4. Member Passwordless Authorization Expire Time:
5. Email Claim Link Expire Time:
6. Rank Assessment Link Expire Time:
7. Rank Reviewscale Link Expire Time:
8. Resource Download Link Expire Time:
9. Member Approve Link Expire Time:
10. Member Reject Link Expire Time:
11. Member Profile Link Expire Time:
12. Idea View Link Expire Time:
13. Idea Approve Link Expire Time:
14. Idea Reject Link Expire Time:
15. Idea Pending Auth Link Expire Time
16. Conversation View Link Expire Time
17. Identity Verification Link Expire Time
18. Password Reset Link Expire Time
19. Password Reuse Limit
20. Remember Me: If this is enabled, your browser will remember your cookies and keep you logged in next time you visit.
21. Maximum number failed login attempts before locked down: Number of failed login attempts after which the account is locked.
22. Maximum number failed login attempt within
23. Locked down period after maximum number failed login attempt: It shows the minutes you have to wait to try again after max failed login attempts.
24. Maximum number failed claim attempt before locked down: Maximum times a user will be allowed to have failed claim attempts after which the account will be locked.
25. Maximum number failed claim attempt within
26. Locked down period after maximum number failed claim attempt
27. Locked user login prompt duration
28. Maximum allowed inactive days
29. Maximum forced password reset period: Shows the days after which the user will be asked to reset the password.
30. Maximum (in days) once a password can be changed: Shows the days after which a password can be changed again.
31. Allow concurrent Login: Shows communities which has concurrent login enabled. When this setting is enabled users cannot log in to multiple browsers at the same time with the same credentials.
32. Enable Two Step Authentication: Shows communities that have two-step authentication enabled.
33. Device Trust Period: Will be shown if Enable Two-Step Authentication is Enable
34. Enable Two Step Authentication by Email: Will be shown if this setting is enabled from DefaultSecurityPolicy
35.Enable Two Step Authentication by SMS: Will be shown if this setting is enabled from DefaultSecurityPolicy
36. Enable Two Step Authentication by Authenticator App: Will be shown if this setting is enabled from DefaultSecurityPolicy
37. Allow Auto-Login for Actions by Email Token
38. Maximum size of a profile image file in MB: This shows the maximum MB size of the profile image allowed.
39. Maximum number failed Two Factor Authentication attempt before locked down
40. Maximum number failed Two Factor Authentication attempt within
41. Locked down period after maximum number failed Two Factor Authentication login attempt