All about passwords
Wallboard Admin Staff asked 3 months ago

Passwords must contain a mixture of uppercase, lowercase and numerics.
Yes.

Password length must meet or exceed 8 characters.
Yes.

Accounts are disabled after 3 or less consecutive failed logons.
By default we lock out users after 10 failed attempts for 10 minutes. It can be configured on on-premise server.

Do you enforce inactivity timeouts to lock applications/access after a set period of time?
Tokens are being invalidated after 30 minutes of inactivity after that time, the user must login again. We don’t delete the user.

Users are required to change passwords at first use if originally assigned by a 3rd party.
If the user is comming from SSO, it won’t have a password.
If the user is created in Wallboard with an “empty” password, then the user must set it’s password via reset password form (details are sent in email).

Do you enforce inactivity timeouts to lock applications/access after a set period of time?
This is question is a duplicate of question 9.

Do you delete, disable or modify default accounts and/or passwords when commissioning a new application/system?
When installing a new system, the default admin must change it’s password on the first login.