As part of the continuous effort to ensure that Forsta complies with the highest standards of security, the following password policy applies for end users (CAPI interviewers, report viewers, Analysts and Designers) and Authoring users (Professional, Standard and Translator).
General:
System messages are provided (with translations to the usual common languages) for these settings. The appropriate error messages will be displayed when users choose passwords that do not comply with the site settings.
Forsta Plus provides ‘Forgotten Password’ functionality. This allows end users to trigger an email so they receive an activation link that opens a page where they can reset their password (go to Forgotten Password for more information).
All passwords are hashed and are not transmitted in plain text, so passwords will not be available in plain text for any system users. Instead, users will be sent an activation link to open a page where they can choose their own password.
Panelists:
The changes to the password policy for panelists are optional, and users must actively enable the restrictions for Basic and Professional Panels (go to Panel Settings for more information). Users may then define custom settings for a panel. Panelist passwords will be hashed, meaning that passwords will not be available in plain text. When panelists use the “Forgot password” feature, they will be sent an activation link which will open a page where they can reset their password.
Warning
The default Panelist password settings pre-set by Authoring provide minimum security. Remember to enable suitable restrictions to ensure a satisfactory level of security for your panelists.
SaaS users:
The passwords for all areas of Forsta must satisfy the same minimum requirements for complexity. Wherever passwords can be changed or set within the application, they will be validated against the rules listed below before the change is accepted.
- Password history - the user’s new password must be different from his/her last 12 passwords.
- Minimum age - the user can change their password a maximum of three times in any 24-hour period. Note that the 24-hour time constraint is the default setting; this can be adjusted by the company administrator.
- Maximum number of login attempts - after 5 invalid login attempts the account will be locked. The user will then not be allowed to log in again until the account is reactivated by the system administrator.
- Non-alpha-numeric characters - there is currently no requirement for characters that are not numbers (0..9) or letters (a..z, A..Z).
- Uppercase characters - the password must contain a minimum of 1 uppercase letter.
- Non-alpha characters - the password must contain a minimum of 1 character that is not a letter (a..z, A..Z).
- Password length - the password must have a minimum of 8 characters.
- Password expiry days - the password will expire (and the user will have to enter a new password) after 90 days. Note that this will not apply for logins to the CAPI console.
- Password Link Timeout - the reset password link is valid for 60 minutes.
For Forsta Plus users, it is possible to enforce even stricter requirements through certain company settings. For example, the administrator can specify that first name, last name and username cannot be used in passwords. Contact Forsta Support if you wish to implement a stricter policy.
On-Premise users:
The following configurable settings will be enforced for all On-Premise users. If the Company Administrator chooses to use the settings, users will have to comply with these settings when changing their password:
- Password history - the user’s new password must be different from his/her last X passwords.
- Minimum age - the user will have to wait X hours after changing the password before being allowed to change it again.
- Maximum number of login attempts - after X invalid login attempts the account will be locked. The user will not be allowed to log in again until the account is reactivated by the system administrator.
- Non-alpha-numeric characters - the password must contain a minimum of X characters that are not numbers (0..9) or letters (a..z, A..Z).
- Uppercase characters - the password must contain a minimum of X uppercase letters.
- Non-alpha characters - the password must contain a minimum of X characters that are not letters (a..z, A..Z).
- Password length - the password must have a minimum of X characters.
- Password expiry days - the total number of days for which the user password will be valid (after which the user will have to enter a new password), by default 90 days. Note that this will not apply for logins to the CAPI console.
- Password Link Timeout - the reset password link is valid for X minutes.
For Forsta Plus users, it is possible to enforce even stricter requirements through certain company settings. The server documentation that is provided with the release contains more detail.
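The complexity and history rules from the SaaS and On-Premise lists above, as an added example that is not Forsta's code: it shows how a history rule can be enforced when only hashes are stored, by re-hashing the candidate with each old salt. The stored format (PBKDF2-HMAC-SHA256 with a per-password salt) is an assumption the page does not specify, and `Policy`, `hash_password` and `violations` are hypothetical names.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass

ITERATIONS = 100_000  # assumption: PBKDF2 work factor, not stated on the page

@dataclass(frozen=True)
class Policy:
    # Defaults are the SaaS values; On-Premise sites supply their own "X".
    min_length: int = 8
    min_upper: int = 1
    min_non_alpha: int = 1
    min_non_alnum: int = 0
    history: int = 12

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def violations(candidate, previous, policy=Policy()):
    """List the rules `candidate` breaks. `previous` holds (salt, digest)
    pairs of earlier passwords, newest first."""
    letters, alnum = string.ascii_letters, string.ascii_letters + string.digits
    found = []
    if len(candidate) < policy.min_length:
        found.append("length")
    if sum(c in string.ascii_uppercase for c in candidate) < policy.min_upper:
        found.append("uppercase")
    if sum(c not in letters for c in candidate) < policy.min_non_alpha:
        found.append("non-alpha")
    if sum(c not in alnum for c in candidate) < policy.min_non_alnum:
        found.append("non-alphanumeric")
    # Plaintext is never stored, so reuse is detected by re-deriving the
    # candidate under each old salt and comparing in constant time.
    for salt, digest in previous[:policy.history]:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            found.append("history")
            break
    return found

if __name__ == "__main__":
    old = [hash_password("Sunflower7")]      # constructed sample history
    print(violations("alllowercase", old))   # complexity failures
    print(violations("Sunflower7", old))     # reuse of a stored password
```
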
2-Step Verification
Forsta supports 2-step verification (2-factor authentication). Download an authenticator app such as Authy, Duo, Google Authenticator, LastPass Authenticator or Microsoft Authenticator onto your mobile device to generate the required code (go to Using 2-Step Verification for more information).