Passwords are so common in our lives that we almost don't notice them anymore – hands automatically type the password into the right box to get access to the service you want. Most people don't realize that we use passwords on dozens and dozens (if not hundreds) of different pages.
Fleet Complete password policy options
Since Fleet Complete service contains a lot of sensitive information (location data, personal information), data security is one of our priorities. Every organization’s admin users can set their required security level for passwords. Here are some ways to set up your organization’s password policy.
The password settings can be found on the Fleet Complete Settings page. While on the "Organization Settings" tab scroll down and you’ll see this view:
Password creation policy
There are two basic options to create passwords:
- "2-step verification"
"Invitation" - by default, all organizations are using this method. In this case, Fleet Complete sends an email to the user with a link to create a password. Creating a password is quick and effortless - click on the link and create a new password. You can also set the expiration time for the invitation.
“2-step verification” adds one additional action for greater security. When creating a new user, the administrator must also know the user's phone number (in addition to the email address). An invitation is sent by e-mail and when creating a password, the user has to enter the security code sent to his/her phone number. This method is the most secure way to access the Fleet Complete service.
Another important topic is the strength of the password itself, or how difficult it is to guess it. Fleet Complete allows admin users to determine the complexity of the password that suits the organization’s needs. You can choose and configure these requirements:
- minimum password length in characters
- minimum zxcvbn score (password complexity scoring scale, value can be one to four. The higher the number, the more complex the password is)
- must contain lowercase letters
- must contain capital letters
- must contain numbers
- If you want to make things very safe (and complicated), you can also request the use of special characters in your password - for example, a dot, a comma, an exclamation mark, euro or dollar symbol and so on.
Some examples of particularly weak passwords (certainly don’t use these or similar ones!):
- name and year of birth (tom1972)
User blocking and regular password changes
You can activate access blocking when a user has entered the wrong password a number of times to prevent intrusion. Only an admin user can open a locked account. This can prevent malicious access by someone trying to guess the password, trying different variations that are easy enough. At the same time, the users themselves must be careful, too - if you don’t know the password, you should NOT try out all the passwords you have had over time.
You can also specify that users need to change their password again after a specified number of days (for example once a year or every six months). In addition, you can specify that old passwords should not be reused for a certain period of time.
The password policy is fully configurable by the admin user in Fleet Complete. Each organization can set the level of complexity and security that suits them.
And remember! Treat your passwords like underwear - don't share them with anyone else, change them often and keep them off the table.
May 21, 2019 Mihkel Külaots