Category:New Users - Start Here!
Category:HWeb Agent
Category:Security

Login Security Settings

There are many settings that may be configured within Hudson products to ensure maximum system security and data integrity. The items below describe each setting and how it is configured and used. Note: you typically must be a system administrator with admin-level privileges in order to set up and manage most of these items. These configuration items are found here:
Tools -> Configuration -> Application Configuration -> General Config -> Fare & Services -> Login Tab


Lockout after failed attempts:

This is the number of unsuccessful login attempts that you will permit before locking the user out of the system for a specified period of time (see Lockout period below). Double click the Value field to edit or adjust this setting. Default maximum number of retries is 6.

Lockout period (minutes):

After the number of login attempts specified in Lockout after failed attempts (above) has been reached, this is the amount of time, in minutes, that must pass before the user will be permitted to attempt logging in again. Double click the Value field to edit or adjust this setting. The default minimum lockout time is 30 minutes. NOTE: A system administrator may log in to the system at any time and reset a locked out user. Information on how to unlock a user may be found here: User is Locked Out

Login error message: Invalid internal user id:

This is the message that will be displayed to the user when the User ID entered is incorrect. Double click the Value field to edit or adjust this setting.

Login error message: Invalid Password:

This is the message that will be displayed to the user when the Password entered is incorrect. Double click the Value field to edit or adjust this setting.

Login error message: Password Expired:

This is the message that will be displayed to the user when the Password entered has expired. Double click the Value field to edit or adjust this setting.

Login error message: User disabled:

This is the message that will be displayed to the user when the User ID entered has been disabled (by an administrator). Double click the Value field to edit or adjust this setting.

Login error message: User locked out:

This is the message that will be displayed to the user when the User ID entered has been locked out after the maximum number of login retries (see below) has been reached. Double click the Value field to edit or adjust this setting.

Login error message: UserID not found:

This is the message that will be displayed to the user when the User ID entered is not in the database of configured users. Double click the Value field to edit or adjust this setting.

Maximum number of login retries:

This is the number of unsuccessful login attempts that you will permit before the login dialog box will disappear from view. This value does not necessarily lock a user out of the system. The user may launch the login dialog again by clicking the application shortcut.  Double click the Value field to edit or adjust this setting.

Maximum size of user ID:

This is the value corresponding to the maximum number of characters that may be contained in a User ID. Double click the Value field to edit or adjust this setting.

Minimum size of user ID:

This is the value corresponding to the minimum number of characters that must be contained in a User ID. Double click the Value field to edit or adjust this setting.

Password Expiration Action:

This is the action taken by the system when a Password Expiration threshold has been met. The available options are:

  • Prompt for new password (Default minimum setting)
  • Lockout user
  • Ignore

Double click the Value field to edit or adjust this setting.

Password Expiration days:

This is the number of days the system will allow a user to continue using the current password. When this threshold is met, the user will be subjected to the Password Expiration Action (above). Double click the Value field to edit or adjust this setting. The default value is a maximum of 90 days.

Password maximum size:

This is the value corresponding to the maximum number of characters that may be contained in a user Password. Double click the Value field to edit or adjust this setting.

Password minimum size:

This is the value corresponding to the minimum number of characters that must be contained in a user Password. Double click the Value field to edit or adjust this setting. The default value is a minimum of 7 characters.

Password must be strong:

This setting can enable or disable “Strong” passwords. The use of Strong passwords is highly encouraged and is enabled by default. A strong password meets the following criteria in the Hudson system:
1) at least one upper case character
2) at least one lower case character
3) at least one numeric character (0123456789)
4) at least one symbol ({}[],.<>;:?/~!@#$%^&*_-+=)
5) must be at least 8 characters
Double click the Value field to edit or adjust this setting. Default value is that Strong Passwords are required.

Password storage as hash only:

This setting determines how the password is stored in the database. The options are No or Yes. The more secure setting is Yes. When set to Yes, the password is hashed (encrypted) and combined with additional layers of security, making it less prone to hacking or decryption.

NOTE: In order to meet login security settings defined and required by PCI standards, a user may not re-use any of the last 4 (four) passwords entered for that User ID.  This is a hard-coded value and not subject to configuration or modification.
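The strong-password criteria and the four-password history rule above can be enforced together even when only hashes are stored. The following is an added example, not Hudson code: the function names, the PBKDF2 scheme and its parameters are assumptions, since this page does not state how Hudson hashes passwords.

```python
import hashlib
import hmac
import os
import string

SYMBOLS = set("{}[],.<>;:?/~!@#$%^&*_-+=")  # symbol set listed on this page
HISTORY_DEPTH = 4                            # last four passwords may not be reused

def policy_failures(password, min_len=8):
    """Return the strong-password criteria the candidate fails."""
    checks = [
        ("upper case character", any(c in string.ascii_uppercase for c in password)),
        ("lower case character", any(c in string.ascii_lowercase for c in password)),
        ("numeric character", any(c in string.digits for c in password)),
        ("symbol", any(c in SYMBOLS for c in password)),
        (f"at least {min_len} characters", len(password) >= min_len),
    ]
    return [name for name, ok in checks if not ok]

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 (an assumed scheme, not Hudson's)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def is_reused(password, history):
    """history: list of (salt, digest), oldest first. Checks the last four."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        # Re-hash the candidate with each stored salt; compare in constant time.
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False

def accept_new_password(password, history):
    """Return (ok, reasons); on success append the new hash to history."""
    reasons = policy_failures(password)
    if is_reused(password, history):
        reasons.append("matches one of the last 4 passwords")
    if not reasons:
        history.append(hash_password(password))
    return (not reasons, reasons)
```

Because each history entry keeps its own salt, the reuse check never needs the old passwords in recoverable form.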

A comment about PCI Security

Any Hudson Client whose system was configured and delivered from May 2012 and after will have default settings configured that meet PCI compliance requirements. If you change the default settings to make them less stringent than the delivered defaults, you are most likely invalidating the PCI compliance of your Hudson system. Clients whose systems were delivered prior to May 2012, even though they may have updated to version 1.94 of the Hudson system, should check each of the settings above and consider configuring them to the stated defaults, assuming they result in a higher or more stringent security protocol.

Hudson Support Technicians are not permitted to adjust your login security settings below the stated PCI default settings outlined on this page.

Only a system administrator at your company may be permitted to take this action.

Login Error Codes

When attempting to log in, if an error is made with the UserID or Password, or some other system error occurs, a message followed by a code (number) is usually displayed. If the message is unclear, you can check here for a list of the Login Error Codes.

Force Password to Expire

For optimal system security, when setting up a new user, you should force the “default” or initial password to expire when the user logs in for the first time. Only the user should possess their password. System Administrators may be able to reset or change a password, but should not know or be capable of discovering what any user's password is.

  Configuration > General Config > User Access
  Add User
  User ID - User's login name
  Password - Initial or default password
  First Name - User's first name
  Last Name - User's last name
  > Force Password to Expire - Place a check mark in this box to enable.  When the user then logs into the system for the first time, they will use the initial or default password that was assigned. They will immediately be prompted to enter and verify a new password.  From this moment on, the new password will be in place for second and subsequent logins.

Event Table Tracking

Effective HGTS version 1.94 (5147), every login attempt is written to a table in the SQL DB named “Events”. The user's login ID, date and time are tracked along with the event “type” (Successful login, login failed, user locked, etc.). The event type values that are tracked are:

1 Successful login
2 Invalid password
3 User not found
4 Login lock reset (unlocked)
5 Login lock set (locked)
6 Login locked
7 Internal format error, record has less than the minimum number of fields
8 Internal format error, internal user id does not match database ID
9 Internal format error, internal alternate user id does not match database Alternate ID
10 Database error
11 Password expired
12 User disabled
13 Invalid record type (non user, i.e. group)
14 Password updated after expiration
15 User Account unlocked by Admin

Users and Administrators will not typically have access to this information. Should this information be required in order to track a potential security breach, please contact Hudson Tech Support for assistance.
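Once rows from the Events table have been exported, the event type values above are enough for a first-pass review. The following is an added example, not Hudson code: the row layout (timestamp, login ID, event type), the 30-minute window, the threshold of 5 and the sample rows are all assumptions or constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Event type values as listed on this page.
SUCCESS, BAD_PASSWORD, NOT_FOUND, LOCK_SET = 1, 2, 3, 5

def triage(rows, window=timedelta(minutes=30), threshold=5):
    """rows: (timestamp, login_id, event_type) tuples in any order.
    Returns (kind, login_id, timestamp) alerts; window and threshold are
    assumed tuning values, not Hudson settings."""
    alerts = []
    failures = defaultdict(deque)  # login_id -> recent type 2 timestamps
    unknown = deque()              # recent type 3 timestamps, all login IDs
    for ts, user, etype in sorted(rows, key=lambda r: r[0]):
        if etype == BAD_PASSWORD:
            failures[user].append(ts)
        elif etype == SUCCESS:
            recent = failures.pop(user, deque())
            while recent and ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold:  # a guess may have succeeded
                alerts.append(("success_after_failures", user, ts))
        elif etype == LOCK_SET:
            alerts.append(("lockout", user, ts))
        elif etype == NOT_FOUND:
            unknown.append(ts)
            while ts - unknown[0] > window:
                unknown.popleft()
            if len(unknown) == threshold:  # alert once as the burst forms
                alerts.append(("unknown_id_burst", None, ts))
    return alerts

def _t(hh, mm):
    return datetime(2024, 1, 15, hh, mm)

# Constructed sample rows (not real Events data).
SAMPLE = (
    [(_t(9, i), "jsmith", BAD_PASSWORD) for i in range(5)]
    + [(_t(9, 6), "jsmith", SUCCESS)]
    + [(_t(10, 0), "mlee", BAD_PASSWORD), (_t(10, 1), "mlee", SUCCESS)]
    + [(_t(11, i), f"guess{i}", NOT_FOUND) for i in range(5)]
    + [(_t(12, 0), "akhan", LOCK_SET)]
)

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(alert)
```

The threshold of 5 sits just under the default lockout of 6 failed attempts, so a login that succeeds shortly before the account would have locked is still flagged.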
