What is the context?
To improve system security and minimise the risk of compromised passwords, Meddbase offers a range of password policy features. These settings help enforce best practices for password management and protect your chamber from unauthorised access.
What is the purpose of the article?
This article explains how to access and configure the Meddbase password policy options.
Password Policy
To access the password policy options, go to the security policy section (Start Page > Admin > Security Policy). Beneath the security policy certificates, you will find a certificate labelled ‘Password Policy’ - click it to view the password policy options.
There are a number of features here to optimise the safety of your chamber. The table below explains each section and the available settings:
Password Policy Section | Description |
Password Expiry days | Set the maximum number of days a user can have the same password. Once a password has expired, the user will be forced to change it before logging in. You may also force all passwords to expire by clicking the button on the top bar, at which point all users will need to change their passwords on their next log-in. |
Passwords to Keep | Set the number of passwords securely stored in the database so that users cannot reuse a previous password. All past passwords are securely encrypted on the Meddbase servers. |

Password Complexity Section | Description |
Minimum Password Length | Set the minimum number of characters required in a password. |
Minimum numeric characters required | Specify the minimum number of numeric characters a password must contain. |
Minimum letter characters required | Specify the minimum number of alphabetic characters a password must contain. |
Minimum punctuation characters required | Specify the minimum number of punctuation characters a password must contain. |
Must mix upper and lower-case letters | Require passwords to include a mix of upper- and lower-case letters. |

Two-Factor Authentication Section* | Description |
Enable for all | Enforce two-factor authentication (2FA) for all users. |
Installing | A hyperlinked guide for users to install an authenticator app for time-based code generation. |
Only required for external access | Limit 2FA to users accessing the system externally. |
Sensitive roles | Require 2FA for users in select role groups, also referred to as sensitive roles. |
*This section allows users to implement a third layer of security to the username/password login. This authentication requires users to possess a smartphone with an authenticator app installed. Please see setting up two-factor authentication for guidance on enabling this feature.
Review date
This article was last updated on 22nd January 2025.