/
Set up Password Complexity and Lockout Policy
Document toolboxDocument toolbox

Set up Password Complexity and Lockout Policy

Owned by Documentation Reviewer
Oct 28, 2020

Setting up password complexity

You can set up minimum complexity requirements for MobileTech passwords, such as requiring digits, upper case letters, special characters, and password length in the C:\Program Files (x86)\Signature\MobileTech\RescoCloud\Web.config and C:\Program Files (x86)\Signature\MobileTech\Admin\MobileTechAdmin.exe.config files using a regex (regular expression) check. 

<add key="PasswordPolicyStrengthRegex" value="" />

User password strength regex check (empty allows any password). This value defaults empty.

Example:

The settings in the sample below are explained. You are not limited to these settings.

add key="PasswordPolicyStrengthRegex" value="^(?=.[0-9])(?=.[A-Z])(?=.[!@#$&]).{8,}$"

(?=.[0-9]){*}Indicates at least one digit.
(?=.[A-Z])*Indicates at least one upper case letter.
(?=.[!@#$&])Indicates at least one special character.
{8,}
  • Indicates a minimum of 8 characters in length


Setting up the password lockout policy

Set up your password lockout policy to indicate a lockout mode (Lockout or Disable), after x failed login attempts, as well as how many minutes a user's account is locked. These setup options are in the Web.config file. The Password Policy Lockout Attempts setting will also need to be set in the MobileTechAdmin.exe.config file.

If you choose to not set up a password lockout policy, set PasswordPolicyLockoutAttempts to either 0 or "" as this allows an infinite number of invalid login attempts.

  • Password Policy Lockout Mode
    This setting has two possible values – Lockout and Disable. This setting works in conjunction with the PasswordLockoutAttempts setting. The default value is Lockout.
    <add key="PasswordPolicyLockoutMode" value="Lockout" />
    • Lockout
      When the setting is set to Lockout and the Lockout Attempts value is hit, the account will be locked out until the PasswordLockoutDuration value has been reached. This value is in minutes. The system administrator can unlock the user in the user profile.
    • Disabled
      When the setting is set to Disable and the Lockout Attempts value is hit, the system administrator will need to enable the user in the user profile.

  • Password Policy Lockout Attempts
    Sets the number of invalid logon attempts that are allowed before an account is locked out. The default value is 3. 
    <add key="PasswordPolicyLockoutAttempts" value="3" />

    The Password Lockout Attempts setting needs to be set up in both the Web.config and MobileTechAdmin.exe.config files.

  • Password Policy Lockout Duration - Sets the length of time (minutes) the account is locked. The default value is 10 minutes. This setting is used in conjunction with the Lockout mode.
    <add key="PasswordPolicyLockoutDuration" value="10" />