Security Settings
Comprehensive Security Management
In OIBIS, security management allows a company to enable or disable two-factor authentication (2FA) for enhanced login protection. When 2FA is enabled, users must enter a One Time Pin (OTP) sent via email after providing their username and password. The system implements a progressive lockout mechanism for multiple invalid login attempts, escalating from a temporary lockout to permanent lockout requiring administrator intervention. Administrators can unblock users by resetting their password using an OTP. Additionally, users can reset their passwords or security questions themselves with an OTP, ensuring robust security while maintaining user flexibility.
An administrator switches two-factor authentication (2FA) on or off, which affects the entire company
An administrator can switch 2FA on or off at a company level under "Account settings". If switched on, users are required to enter a One Time Pin (OTP) after entering a valid username and password.
A user enters a One Time Pin (OTP) to log into OIBIS
With 2FA switched on at a company level, users are required to enter the OTP that was emailed to them after entering their username and password.
A user resets their password or answers to security questions
If a user chooses to reset their password and/or answers to security questions, they would select the "Security settings" option from their profile settings dropdown.
The user would then enter the OTP that was emailed to them.
If a user chooses to reset their password they would enter the new password twice.
The user can also select to change one or more security question answers.
A user who repeatedly attempts to log into OIBIS with incorrect credentials will ultimately be blocked
If a user enters invalid credentials three times, the user's account will be locked for 5 minutes.
If, after that first lockout expires, the user enters invalid credentials three more times, the user's account will be locked for a further 10 minutes.
If, after the second lockout expires, the user enters invalid credentials three more times, the user's account will be blocked, and the user must contact their administrator to have the account unblocked.
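The escalating lockout described in the three steps above, as an added illustration rather than OIBIS's own code: a small Python tracker that applies the 3-failure / 5-minute / 10-minute / permanent-block schedule and lets an administrator reset the account. The `LoginGuard` class, the `verify_password` callback, and the choices that attempts made during a lockout do not count and that a successful login resets the escalation are assumptions; the page does not state them.

```python
import time
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Optional

class Result(Enum):
    SUCCESS = "success"
    INVALID = "invalid"    # wrong credentials, account not (yet) locked
    LOCKED = "locked"      # temporary lock still in effect
    BLOCKED = "blocked"    # permanent; an administrator must unblock

# Schedule from the page: 3 failures -> 5 min, 3 more -> 10 min, 3 more -> block.
FAILURES_PER_STAGE = 3
STAGE_LOCKOUT_SECONDS = [5 * 60, 10 * 60, None]  # None = permanent block

@dataclass
class Account:
    failures: int = 0          # consecutive failures in the current stage
    stage: int = 0             # lockouts already served
    locked_until: float = 0.0  # epoch seconds; 0 means not locked
    blocked: bool = False

class LoginGuard:
    """Hypothetical lockout tracker; password checking is delegated to a callback."""

    def __init__(self, verify_password: Callable[[str, str], bool]):
        self.verify_password = verify_password  # (user, password) -> bool
        self.accounts: Dict[str, Account] = {}

    def attempt(self, user: str, password: str, now: Optional[float] = None) -> Result:
        now = time.time() if now is None else now
        acct = self.accounts.setdefault(user, Account())
        # Assumption: attempts during a lock are rejected and do not count.
        if acct.blocked:
            return Result.BLOCKED
        if now < acct.locked_until:
            return Result.LOCKED
        if self.verify_password(user, password):
            acct.failures = 0
            acct.stage = 0  # assumption: a good login resets the escalation
            return Result.SUCCESS
        acct.failures += 1
        if acct.failures < FAILURES_PER_STAGE:
            return Result.INVALID
        acct.failures = 0
        duration = STAGE_LOCKOUT_SECONDS[acct.stage]
        acct.stage += 1
        if duration is None:
            acct.blocked = True  # only admin_unblock() clears this
            return Result.BLOCKED
        acct.locked_until = now + duration
        return Result.LOCKED

    def admin_unblock(self, user: str) -> None:
        """Administrator reset, performed after the OTP check the page describes."""
        self.accounts[user] = Account()
```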
A user contacts their administrator for help in unblocking their account
The administrator double-clicks the user's account that needs to be unblocked.
The administrator clicks the reset icon to unblock the user's account.
Resetting the account sends an OTP email to the user. The administrator asks the user for that OTP, which verifies that the request comes from the legitimate account holder.
If the user asks for only their password to be reset, the administrator clicks the "YES" button, which emails a temporary password to the user.
After the user enters their username and temporary password, the user is required to answer three randomly selected security questions in order to proceed to enter their new password.