Security Policies
This article details the different security policy options in the Security menu.
Introduction to security policies
Administrators in the Brinqa Platform can define password, account lockout, session, and multi-factor authentication policies for Brinqa users.
To manage security policies, click Administration in the upper-right corner and under Security, select Security policies.
The security policies page shows the current settings for password policy, account lockout policy, session policy, and multi-factor authentication policy. You can modify these policies based on your company requirements.
Password policy
Password policy determines how to define a strong password, how frequently user passwords expire, and how many previous passwords to check for reuse. The following table details the password policy settings:
Table 1: Password policy settings
Policy | Description |
---|---|
Minimum password strength required | How strong a password must be when users create passwords. Brinqa utilizes entropy to calculate password strength. Options include: Weak, Fair, Good, Strong, or Very strong. The default setting is Good. |
Password expiry | How frequently user passwords expire and need to be reset. Options include: Never, One month, Two months, Six months, or One year. The default setting is Never. |
Prevent password reuse | Specifies whether passwords can be reused and how many previous passwords the system checks for reuse. For example, selecting Last 3 lets users reuse any password except the last three that they used. Options include: Never, Last 3, Last 5, Last 10, or Last 20. The default setting is Never. |
Modify a password policy
Navigate to Administration > Security > Security policies.
In the Password policy section, click the option associated with the policy.
Select a new value and click Update.
Account lockout policy
Account lockout policy determines how to handle multiple failed login attempts by a user of the system. The following table details the account lockout policy settings:
Table 2: Account lockout policy settings
Policy | Description |
---|---|
Maximum failed login attempts before locking | The number of times a user can enter an incorrect password before their account is temporarily locked out of the system. Options include: No limit, Three, Five, or Ten. The default setting is No limit. |
Failure reset interval (seconds) | How many seconds before the failure count is reset. This option only appears if a maximum failed login attempt value has been set. The default setting is 600 seconds. |
Account lockout duration (seconds) | How many seconds before the account is unlocked. This option only appears if a maximum failed login attempt value has been set. The default setting is 600 seconds. |
Modify an account lockout policy
Navigate to Administration > Security > Security policies.
In the Account lockout policy section, click the option associated with the policy.
Select a new value and click Update.
The Failure reset interval and Account lockout duration settings only appear if the maximum failed login attempts before locking is not set to No limit.
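How the three account lockout settings interact, shown as an added example that is not Brinqa's code: a small Python model replays constructed login attempts against a policy. The class names, the event format, and the reset semantics (counter cleared once the interval has passed since the last failure, and on a successful login) are assumptions; the 600-second defaults and the No limit default come from Table 2.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutPolicy:
    max_failed_attempts: Optional[int] = None  # None models "No limit" (the default)
    failure_reset_interval: int = 600          # seconds (default from Table 2)
    lockout_duration: int = 600                # seconds (default from Table 2)

class Account:
    def __init__(self, policy):
        self.policy = policy
        self.failures = 0
        self.last_failure = None
        self.locked_until = None

    def attempt(self, now, password_ok):
        """Return 'ok', 'failed' or 'locked' for a login at time `now` (seconds)."""
        p = self.policy
        if self.locked_until is not None:
            if now < self.locked_until:
                return "locked"            # rejected even with the right password
            self.locked_until = None       # lockout duration has elapsed
            self.failures = 0
        # Assumption: the failure count resets after the interval since the last failure.
        if self.last_failure is not None and now - self.last_failure >= p.failure_reset_interval:
            self.failures = 0
        if password_ok:
            self.failures = 0              # assumption: a successful login clears the count
            return "ok"
        self.failures += 1
        self.last_failure = now
        if p.max_failed_attempts is not None and self.failures >= p.max_failed_attempts:
            self.locked_until = now + p.lockout_duration
            return "locked"                # this failure triggered the lockout
        return "failed"

def replay(policy, events):
    """Replay (time, password_ok) events against a fresh account."""
    acct = Account(policy)
    return [acct.attempt(t, ok) for t, ok in events]

# Constructed sample: (seconds since start, password correct?)
EVENTS = [(0, False), (10, False), (20, False), (30, True), (700, True)]

if __name__ == "__main__":
    print(replay(LockoutPolicy(max_failed_attempts=3), EVENTS))
```

With a limit of Three, the correct password at 30 seconds is still rejected because the account stays locked until 620 seconds; under the default No limit the same sequence never locks.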
Session policy
Session policy determines how to handle inactive user sessions. The following table details the session policy settings:
Table 3: Session policy settings
Policy | Description |
---|---|
Session timeout | Length of time after which the system logs out inactive users. Options include: 15 minutes, 30 minutes, 1 hour, 2 hours, 4 hours, 8 hours, 12 hours, 24 hours, or a custom length of time. Choose a shorter timeout if you want to enforce stricter security controls. The default setting is 15 minutes. |
Force logout on session timeout | Whether to enforce that current sessions become invalid when the user is inactive for some time. The browser refreshes and returns to the login page. The user must log in again to access the Brinqa Platform. The default setting is Disabled. |
Modify a session policy
Navigate to Administration > Security > Security policies.
In the Session policy section, click the option associated with the policy.
Select a new value and click Update.
Multi-factor authentication policy
Multi-factor authentication policy determines if users need to enable multi-factor authentication in order to log in to your Brinqa Platform. The following table details the multi-factor authentication policy settings:
Table 4: Multi-factor authentication policy settings
Policy | Description |
---|---|
Enforce users with roles | The role or roles whose users must enable multi-factor authentication to log in to your Brinqa Platform. Options include: Administrator, Configurator, Risk analyst, Security administration, System administrator, or Users. The default setting is None. |
Modify a multi-factor authentication policy
Navigate to Administration > Security > Security policies.
In the Multi-factor authentication policy section, click the option associated with the policy.
Select the role or roles to enforce multi-factor authentication.
Click Update.