
Password Management

For passwords to be resistant to attack, they should:

  • Be at least 8 characters in length.
  • Contain a mixture of upper and lower-case characters.
  • Contain one or more numbers or other non-alphabetic characters.
  • Not be derived in any obvious way from the username. 

All staff accounts should be secured with such passwords, especially those in the Admin group. If you wish to give end-user accounts simple passwords for their convenience, then these accounts should be severely restricted in what they may do, for example only filling out a single form. End-user accounts with the ability to modify existing records or view sensitive data should also be given attack-resistant passwords.
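The four criteria listed above can be checked automatically before a password is assigned. The following is an added example, not Agiloft code; the look-alike character mapping, the three-letter minimum for the username comparison, and the sample accounts are assumptions made here.

```python
import re

# Look-alike substitutions undone before comparing with the username.
# This mapping is an assumption of the example, not an Agiloft setting.
LOOKALIKES = str.maketrans("0134578@$!", "oieastbasi")

def _letters(text):
    """Lower-case, undo look-alike substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LOOKALIKES))

def password_problems(username, password):
    """Return the criteria from the list above that the password fails."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        problems.append("no mix of upper and lower case")
    if all(c.isalpha() for c in password):
        problems.append("no number or other non-alphabetic character")
    user, candidate = _letters(username), _letters(password)
    # Assumption: names under 3 letters are skipped to avoid false matches.
    if len(user) >= 3 and (user in candidate or user[::-1] in candidate):
        problems.append("derived from the username")
    return problems

def audit(accounts):
    """Map each failing username to its list of problems."""
    report = {}
    for username, password in accounts:
        problems = password_problems(username, password)
        if problems:
            report[username] = problems
    return report

# Constructed sample data: (username, proposed password) pairs.
SAMPLES = [
    ("jsmith", "Jsm1th2024"),     # username spelled with a look-alike digit
    ("mlopez", "zepolM#99"),      # username reversed
    ("akhan", "password"),        # long enough, but one case and no digit
    ("tnguyen", "Blue7Kettle!"),  # meets all four criteria
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLES).items():
        print(f"{name}: {', '.join(problems)}")
```
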

Password Field Options

The Password field wizard provides the ability to configure all of the options mentioned above as well as additional options that improve password security. Additional options include:

  • Preventing the password from being the same value as the login or from containing the login string.
  • Requiring users to change their password if it is reset.
  • Controlling password reuse.
  • Controlling password expiration time.
  • Adding password encryption.
  • Excluding dictionary words from passwords.

Changing Passwords

Once they have logged in to Agiloft, individual users can manage their own passwords. Please see Change Passwords for more information. Admin users can change the password of the Admin Console and all default sample users if they have Agiloft installed on their own premises. All on-premise installations are given the same default Admin Console password, so this is a critical step during the initial installation.

Change other users' passwords

  1. In the left pane, select the People table.
  2. Select the edit icon to edit the user's information.
  3. On the Contact Information tab, enter the new password in the fields and click Finish.

Change the Admin Console password

  1. Log in to the Admin Console.
  2. Click the People link in the left pane.
  3. Edit the admin user record.
  4. Enter the existing and new passwords, click Save, and then save the admin user record.

Sample User Passwords

Each knowledgebase from one of the standard Agiloft templates is automatically populated with a number of sample users. Sample users are given easy-to-remember, and therefore insecure, passwords by default that should be changed if you plan to keep these user records. The alternative is to delete the sample users. 

The users Anonymous, faquser, and register are essential for certain functionality. There are three admin-level users: admin, ewsystem, and system. These should be given new, secure passwords. The remaining users can be deleted or have their passwords updated.

The ewsystem user is used by Agiloft implementers and/or customer support staff to assist customers.