To further strengthen user security, we have adopted best practices based on OWASP (Open Web Application Security Project) to configure employee password rules.

Note: These settings also apply to a guest’s password when the guest tries to log in to Webstore.

  1. At the organization level, click the Admin icon and navigate to Organization > Organizations.

  2. Click the Settings tab and expand Employee Password Policies.

  3. Enable and configure the settings relevant for your business.
    See the following table for details.

  4. Click Save.


| Field | Description |
| --- | --- |
| Enable key-in password update at employee profile | Optional. Displays the Update Password button in the employee profile. You can use this option to update employee passwords. |
| Minimum password length __ | Mandatory. Change the minimum length. The default is 6 characters. |
| Maximum password length __ | Mandatory. Change the maximum length. The default is 64 characters. |
| Do not use common and breached passwords | Mandatory. Do not use common passwords such as hello123 and welcome123. |
| Cannot use the last five passwords | Mandatory. Do not use any of your previous five passwords. |
| Password must contain at least one number (0-9) | Optional. Select this check box if you want the password to contain at least one number. |
| Password must contain at least one lowercase letter (a-z) | Optional. Select this check box if you want the password to contain at least one lowercase letter. |
| Password must contain at least one uppercase letter (A-Z) | Optional. Select this check box if you want the password to contain at least one uppercase letter. |
| Password must contain at least one special character (# % $ etc.) | Optional. Select this check box if you want the password to contain at least one special character. |
| Lock login after __ failed attempts | Optional. Specify the number of failed login attempts after which Zenoti locks the user account. The default is 5 attempts. |
| Unlock after __ minutes | Optional. Select this check box to automatically unlock a locked user account after x minutes. The default is 30 minutes. For example, a user used up all attempts to log in at 9:30 am and Zenoti locked the user account. At 10 am, Zenoti automatically unlocks the user’s login (assuming the setting is Unlock after 30 minutes). |
| Unlock with text verification code | Optional. Select this check box if you want the user to be able to unlock her account using a text verification code. This code is sent to the user’s registered mobile number. The user can use the code to unlock her account. The verification code is valid for 10 minutes. Note: This notification uses your text credits. |
| Unlock with email verification code | Optional. Select this check box if you want the user to be able to unlock her account using an email verification code. This code is sent to the user’s registered email address. The user can use the code to unlock her account. The verification code is valid for 10 minutes. Note: This notification uses your email credits. |
| Challenge with 6-digit verification code when a new machine or browser is detected; code is sent via email | Optional. Select this check box if you want Zenoti to challenge the login attempt when it detects a new machine or a new browser. The 6-digit code is sent to the user’s registered email address. The verification code is valid for 10 minutes. |
| Challenge with 6-digit verification code when a new machine or browser is detected; code is sent via text | Optional. Detects a login attempt from a new machine or a new browser and prompts the user for a verification code. The 6-digit code is sent via text message to the registered mobile number. The verification code is valid for 10 minutes. |
| Two-factor authentication with authenticator app | Optional. Select this check box if you want to enable two-factor authentication with authenticator apps such as Google Authenticator, Microsoft Authenticator, and Authy. If you enable this setting, users must enter their regular credentials (username and password) and a verification code that appears in the authenticator app to log in to Zenoti. |
| Two-factor authentication with text verification code | Optional. Select this check box if you want to enable two-factor authentication using a text verification code. The verification code is valid for 10 minutes. Note: This notification uses your text credits. |
| Two-factor authentication with email verification code | Optional. Select this check box if you want to enable two-factor authentication using an email verification code. The verification code is valid for 10 minutes. Note: This notification uses your email credits. |
| Password expires after __ days | Optional. Select this check box and specify the number of days after which the password will expire. The user must reset the password before the password expires. The default is 90 days. |
| Remind user to change password before __ days from password expiry date | Optional. Select this check box if you want Zenoti to remind users to change their password before the password expiry date. The default is to remind users to change their password 5 days before the date on which their password expires. Important: This setting works only for SSO-enabled organizations when an employee tries to log into Zenoti web. |
| Enable captcha in forgot password page | Optional. Select this check box if you want Zenoti to show a Captcha code in the Forgot Password page. |
| Add Captcha code after 3 failed attempts to log in | Optional. Add a Captcha code after a specified number of failed login attempts. The default is after 3 failed attempts to log in. |
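The password rules in the table above can be read as one acceptance check. The sketch below is an added example, not Zenoti's code: the rule names, the two-entry denylist and the sample history are constructed, and it assumes old passwords are kept as salted PBKDF2 hashes, which is why the last-five rule re-hashes the candidate with each stored salt.

```python
import hashlib
import hmac
import os
import re

# Table defaults; every name below is this example's own, not a Zenoti identifier.
MIN_LEN, MAX_LEN, HISTORY_DEPTH = 6, 64, 5
ITERATIONS = 100_000  # kept low so the example runs quickly; production values are higher
# Constructed stand-in for a real common/breached-password list.
DENYLIST = {"hello123", "welcome123"}
# The four optional composition check boxes.
CLASSES = {
    "number": r"[0-9]",
    "lowercase": r"[a-z]",
    "uppercase": r"[A-Z]",
    "special": r"[^A-Za-z0-9]",
}

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns the (salt, digest) pair kept per password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def violations(candidate, history, required=()):
    """Return the names of the rules the candidate breaks (empty list = accept)."""
    broken = []
    if len(candidate) < MIN_LEN:
        broken.append("min_length")
    if len(candidate) > MAX_LEN:
        broken.append("max_length")
    if candidate.lower() in DENYLIST:
        broken.append("common_or_breached")
    # Old passwords exist only as salted hashes, so re-hash the candidate with
    # each stored salt and compare in constant time.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            broken.append("reused")
            break
    broken += [name for name in required if not re.search(CLASSES[name], candidate)]
    return broken

# Constructed sample: six old passwords, oldest first; only the last five count.
SAMPLE_HISTORY = [hash_password(p) for p in [
    "Spring#2019", "Summer#2020", "Autumn#2021",
    "Winter#2022", "Spring#2023", "Summer#2024"]]
```

With the sample history, the sixth-oldest password is accepted again, which is the practical meaning of "last five".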
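How the Captcha threshold, the lock threshold and the timed unlock interact, using the table's defaults (3 attempts, 5 attempts, 30 minutes) and its 9:30 am example. This is an added example, not Zenoti's implementation: `LoginGuard`, `replay` and the timeline are constructed for illustration, and clearing the failure counter on unlock is an assumption.

```python
from datetime import datetime, timedelta

# Defaults from the table above; class and field names are this example's own.
CAPTCHA_AFTER = 3                      # "Add Captcha code after 3 failed attempts to log in"
LOCK_AFTER = 5                         # "Lock login after __ failed attempts"
UNLOCK_AFTER = timedelta(minutes=30)   # "Unlock after __ minutes"

class LoginGuard:
    """Per-account failed-login state: captcha, lock, timed unlock."""

    def __init__(self):
        self.failed = 0
        self.locked_at = None

    def _expire_lock(self, now):
        # Timed unlock: clear the lock and the counter once the window has passed.
        if self.locked_at is not None and now - self.locked_at >= UNLOCK_AFTER:
            self.failed, self.locked_at = 0, None

    def captcha_required(self, now):
        self._expire_lock(now)
        return self.failed >= CAPTCHA_AFTER

    def attempt(self, password_ok, now):
        """Record one login attempt and return 'ok', 'failed' or 'locked'."""
        self._expire_lock(now)
        if self.locked_at is not None:
            return "locked"            # a correct password is still refused while locked
        if password_ok:
            self.failed = 0
            return "ok"
        self.failed += 1
        if self.failed >= LOCK_AFTER:
            self.locked_at = now
            return "locked"
        return "failed"

def replay(events):
    """Run (time, password_ok) pairs through one guard; return the outcomes."""
    guard = LoginGuard()
    return [guard.attempt(ok, at) for at, ok in events]

# Constructed timeline: five failures ending at 9:30, then correct passwords
# at 9:45 (still locked) and 10:00 (unlocked).
DAY = datetime(2024, 1, 8)
TIMELINE = [(DAY.replace(hour=9, minute=26 + i), False) for i in range(5)]
TIMELINE += [(DAY.replace(hour=9, minute=45), True), (DAY.replace(hour=10, minute=0), True)]
```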

