Setup Password Complexity and Lockout Policy
While you can manually add the technicians' passwords in MobileTech Admin (see Add a MobileTech User) or in Resco's Admin Console (see Set Technician Passwords with Admin Console (optional)), you can use the Update Password Policy window to set up the complexity, password expiration, as well as the lockout mode. In MobileTech Admin, select Tools > Update Password Policy.
- When MobileTech users and administrators update their passwords, the password complexity is enforced.
- The password expiration applies only to MobileTech users, not to MobileTech administrators.
- If you've previously set up password complexity and lockout policy using Regex, those values will default into this window.
- If you do not have a password complexity set up, the Update Password Policy window automatically displays after these events:
- Add Company Objects
- Add/Update Organization Database
- Change Administrator Password
- Upgrade Resco Server
We recommend enabling all requirements and setting the minimum password length to 8 characters.
Setting Password Complexity and Expiration
A password complexity policy is designed to deter brute force attacks by increasing the number of possible passwords by enforcing the use of strong passwords such as requiring digits, upper case letters, special characters, and password length. When the passwords expire, a prompt is displayed when the technician attempts to sync or sign in to their device and they can update the password at that time.
- In MobileTech Admin, go to Tools > Update Password Policy. If you have an existing password policy set up, the checkboxes with be automatically marked.
- Choose from the following complexity options by marking the applicable check box(es).
- Require at least one number. 0-9
- Require at least one upper case letter. A-Z
- Require at least one special character. (?=.*[^0-9A-Za-z])
- Set the Minimum password length. This setting determines the least number of characters that can make up a user account. If set to 0, a password can be any number of characters.
- Select the Password Expiration In value.
- Never: The current password never expires.
Next Logon: The user is prompted to change their password the next time they log into MobileTech.
After the password has been changed, the password expiration is set to "Never", which means users will not be prompted automatically to change their password again. You can come back at a later time and change the Password Expiration value to something other than "Never" (or "Next Logon") if you want to have an expiration after x days.
- 30 Days: Every 30 days/1 month, users are prompted to reset their password when logging into MobileTech.
- 90 Days: Every 90 days/3 months, users are prompted to reset their password when logging into MobileTech.
- 180 Days: Every 180 days/6 months, users are prompted to reset their password when logging into MobileTech.
- 1 Year: Every 365 days/12 months, users are prompted to reset their password when logging into MobileTech.
- Set up the lockout mode below.
Setting Lockout Mode
Set up your password lockout policy to indicate how many x failed login attempts, as well as how many minutes a user's account is locked.
- Enter the Lockout Attempts value. This threshold number indicates how many unsuccessful logins a user can attempt before their account is locked. The default value is 3 attempts.
- Enter the Lockout Duration (in minutes) value. This number indicates how long the user's account is locked before they can try to log in. You can also manually unlock a user's account from the MobileTech Admin Users window by selecting the user and then selecting the Unlock button. The default value is 10 minutes.
- Select Update.