This subsection discusses the settings related to default password policy for your on-premises deployment.


Configure the "Default Password Policy" parameters in SigningHub Global Settings

  1. Click the "Configurations" option from the left menu.
  2. Click the "Global Settings" option.
  3. Global Settings will appear, select the "Default Password Policy" option from the top right drop down. 
  4. Configure these settings as required and click the "Save" button from the screen bottom. 
    See the below table for fields description.

 


Global Settings - Default Password Policy

Fields

Description

Minimum Password Length

Specify the minimum password length for your SigningHub web users. SigningHub will enforce each user to comply with this password length during the registration or password update phase. However, in case of an enterprise account, this condition can be overridden through the Enterprise password policy.

Include 1 or More Numbers

Tick this check box to enforce your SigningHub web users to include at least one numeric value in their passwords. However, in case of an enterprise account, this condition can be overridden through the Enterprise password policy.

Include 1 or More Upper Case Characters

Tick this check box to enforce your SigningHub web users to include at least one upper case character in their passwords. However, in case of an enterprise account, this condition can be overridden through the Enterprise password policy.

Include 1 or More Special Characters

Tick this check box to enforce your SigningHub web users to include at least one special character in their passwords. However, in case of an enterprise account, this condition can be overridden through the Enterprise password policy.

User Must Change Password at Next Login

Tick this check box to enforce your SigningHub web users to change their password after first login. This will be applicable to the newly registered users only.
However, in case of an enterprise account, this condition can be overridden through the Enterprise password policy.

Lock Account on Invalid Login Attempts

Tick this check box to configure SigningHub to auto lock the accounts of your SigningHub web users, when they make consecutive invalid login attempts. This will further bring a couple of fields to specify the threshold values, i.e.:

  • Specify the number of invalid attempts after which the user account should be locked, e.g. 5. 
  • Specify the duration in minutes during which the account should remain locked, e.g. 30 mins.

It is important to note that after the fourth invalid attempt, SigningHub shows a CAPTCHA to the user. So its better to keep the threshold count to lock a user account greater than 4, but its not mandatory.
A user can not login with SigningHub ID through SigningHub Desktop Web, API, Mobile Web, Mobile App or Native Apps, as far as their account is locked.


If you do not want SigningHub to auto lock the user accounts, keep this check box un-ticked.

Enable Password Expiry Duration

Tick this check box to configure SigningHub to auto-expire the passwords of end users after a certain time period. Specify the number of days in the "Expiry Duration (Days)" field after which SigningHub should expire the users' passwords. The specified number of days will also serve as the default value for the password auto-expiry duration in enterprise password policy.

This will be applicable only to the subscribers/ users of those Service Plans in which the "Protect server-side signing keys with user password" check box is selected.

However when configured, this condition can be overridden through the Enterprise password policy in case of an enterprise account.
If you do not want SigningHub to auto-expire user passwords, keep this check box un-ticked.



  1. SigningHub does not allow its users to set as password, the following:
    • Their user account (i.e. Email Address)
    • The last used password
    • Their full user name


See Also