Password policy
About how passwords and user session work on the platform:
¿Is the password stored cryptographically (Hashing and Salting)?
Yes, all passwords are stored in encrypted way.
Does the password have to follow any rules? For example a minimum number of characters, have alphabetic or numeric characters, include upper and lower case letters...
Passwords can follow any rule the administrator specifies in terms of length or complexity. To do this, access the Configuration tool, and in the menu on the left click on the Advanced settings section.
Does the platform have any list of forbidden passwords or rules for not allowed passwords? For example 1234, abcde...
Yes, this option is available in the Advanced Settings menu. If enabled, the platform performs a check on a not allowed blacklist of easy-to-guess passwords.
Is the initial password requested to be changed when the user logs in for the first time?
When the password management is done from the LMS ecosystem, it is possible to request the password during the first login via a link in the welcome email.
Does the user's session have an automatic timeout in case of inactivity?
Yes, the session is automatically logged out after 8 hours of inactivity.
Does the platform have an access log where the date of last user authentication can be validated?
Yes, administrators have access to the Reports tool in the main menu, where the last date of user access can be checked.
Does the password expire? Is there a prior warning?
Yes, password expiration is another editable parameter in the Advanced settings section.
Is the user blocked if there are several failed login attempts?
No, there is no lockout, but in the Advanced settings you can activate the reCAPTCHA anti-brute force tool after a certain number of attempts.
Are users denied access if they are inactive for a long period of time?
No, users must be manually deactivated, although it is possible to set up password expiration after a certain period of time.