This document provides information about the Authentication security form screen, which displays information about senhasegura settings and allows you to manage them.
Access Path
- In senhasegura, in the navigation bar, hover over the Product Menu and select Settings.
- In the side menu, select Security and Network Policy > Authentication Security.
User accounts maintenance
| Item | Type | Description |
| --- | --- | --- |
| minutes to expire session | Text field | Value, in minutes, after which the session (login) expires automatically. |
| Lock account after login errors (X attempts until locking) | Text field | Number of failed login attempts, in a single login session, until the account is locked. |
| Lock disabled account | Checkbox | Selects whether an inactive account will be locked. |
| X days until lock | Text field | If the Lock disabled account option is enabled, indicate the number of days without access until the account is locked. |
| Force password change on first access | Checkbox | Selects whether the user must change the password on first access. |
| Expire password | Checkbox | Selects whether the password expires automatically. |
| X days until password expires | Text field | If the Expire password option is enabled, indicate the number of days until the password expires. |
| Time between CSRF token (minutes) | Quantity selector | Select the maximum time, in minutes, the user has to log in before the CSRF token expires. |
Info
CSRF (Cross-Site Request Forgery) is an attack in which a malicious website induces a user who is authenticated on another site, such as a bank, to perform an unwanted action, like a financial transfer. Without CSRF protection, a malicious link can perform this action as if it were the user, because the browser sends the user's valid session cookies. CSRF tokens are used to prevent this.
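How the account maintenance settings above combine on a single login attempt, as an added Python illustration that is not senhasegura's code: the policy values and user records are constructed samples, and exempting an account that has never logged in from the inactivity lock is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class AccountPolicy:  # the "User accounts maintenance" settings (constructed sample values)
    max_login_errors: int = 5             # failed attempts in one login session until the account is locked
    lock_disabled_account: bool = True
    days_until_lock: int = 90             # days without access until an inactive account is locked
    force_change_on_first_access: bool = True
    expire_password: bool = True
    days_until_password_expires: int = 60

@dataclass
class UserAccount:
    password_set_at: datetime
    last_access: Optional[datetime] = None  # None: the user has never logged in (assumed exempt from inactivity lock)
    failed_attempts: int = 0                # counter for the current login session
    locked: bool = False

def evaluate_login(policy, user, password_ok, now):  # -> 'locked' | 'denied' | 'change_password' | 'ok'
    # Lock disabled account: more than X days without access locks it before the password is even checked.
    if policy.lock_disabled_account and user.last_access and now - user.last_access > timedelta(days=policy.days_until_lock):
        user.locked = True
    if not user.locked and not password_ok:
        user.failed_attempts += 1           # X attempts in one login session until locking
        user.locked = user.failed_attempts >= policy.max_login_errors
    if user.locked:
        return "locked"
    if not password_ok:
        return "denied"
    user.failed_attempts = 0                # a successful login ends the failed-attempt sequence
    first_access, user.last_access = user.last_access is None, now
    if policy.force_change_on_first_access and first_access:
        return "change_password"
    if policy.expire_password and now - user.password_set_at > timedelta(days=policy.days_until_password_expires):
        return "change_password"
    return "ok"

def run_scenarios():  # constructed users, one per rule; returns the login outcome of each
    p, now, day = AccountPolicy(), datetime(2024, 1, 1, 12, 0), timedelta(days=1)
    users = {
        "first_access": UserAccount(password_set_at=now),
        "normal": UserAccount(password_set_at=now - 10 * day, last_access=now - day),
        "inactive": UserAccount(password_set_at=now, last_access=now - 100 * day),
        "expired_password": UserAccount(password_set_at=now - 61 * day, last_access=now - day),
    }
    results = {name: evaluate_login(p, u, True, now) for name, u in users.items()}
    results["lockout"] = [evaluate_login(p, users["normal"], False, now) for _ in range(p.max_login_errors)]  # 4 denials, then locked
    return results
```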
Multi-factor Authentication
| Item | Type | Description |
| --- | --- | --- |
| Force multi-factor authentication to all Users | Toggle button | Enables or disables mandatory MFA for all users. |
| Force digital certificate authentication to all users | Toggle button | Enables or disables mandatory digital certificate authentication for all users. |
| Enable external Multi-Factor Authentication application | Toggle button | Enables or disables the use of an external MFA solution. |
| Allow ‘Trust this computer’ up to a maximum | Toggle button | Enables or disables the Trust this computer option. When enabled, no token is required from a trusted computer for the defined period. |
| hours | Text field | Amount of time, in hours, that the computer is considered trusted. |
| Accept with tokens generated until | Toggle button | Enables or disables the acceptance of expired authentication tokens. |
| second change | Text field | Amount of time, in seconds, that an expired token is still considered valid. |
Password Security Level
| Item | Type | Description |
| --- | --- | --- |
| minimum characters for password | Text field | Minimum number of characters required in the password. |
| minimum numbers for password | Text field | Minimum number of digits required in the password. |
| Restrict password reuse | Toggle button | Enables or disables the restriction on password reuse. |
| last passwords that cannot be used | Text field | If the Restrict password reuse option is enabled, indicate how many previous passwords cannot be reused. |
| Require symbols in the password | Toggle button | Enables or disables the requirement for symbols in the password. |
Continuous Identification
| Item | Type | Description |
| --- | --- | --- |
| Rating drop | Quantity selector | Number of rating points lost for reauthentication to be triggered. |
| High risk sessions | Quantity selector | Number of critical sessions for reauthentication to be triggered. |
| Blocked commands | Quantity selector | Number of audited commands per session for reauthentication to be triggered. |
| Session attempts at prohibited times | Quantity selector | Number of session attempts outside access hours for reauthentication to be triggered. |
| Viewing attempts at prohibited times | Quantity selector | Number of password viewing attempts outside permitted hours for reauthentication to be triggered. |
Info
To disable a trigger, set its value to zero.
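How the five triggers above behave over the course of a session, including the zero-disables rule, as an added Python illustration that is not senhasegura's code: the thresholds, the event stream and the (trigger, amount) event shape are constructed assumptions.

```python
TRIGGERS = {  # "Continuous Identification" thresholds (constructed sample values); 0 disables a trigger
    "rating_drop": 20,                         # rating points lost during the session
    "high_risk_sessions": 3,                   # sessions classified as critical
    "blocked_commands": 5,                     # audited commands blocked in the session
    "session_attempts_prohibited_time": 2,     # session attempts outside access hours
    "viewing_attempts_prohibited_time": 0,     # password views outside permitted hours (disabled here)
}

def monitor(events, thresholds=TRIGGERS):
    """Accumulate per-trigger counters over a stream of (trigger, amount) events and return
    (event index, trigger name) of the first event that reaches a non-zero threshold, else None."""
    counters = {name: 0 for name in thresholds}
    for i, (trigger, amount) in enumerate(events):
        counters[trigger] += amount
        if thresholds[trigger] > 0 and counters[trigger] >= thresholds[trigger]:
            return i, trigger
    return None

def demo():
    # Constructed session streams: the first never crosses a threshold, the second loses 20 rating
    # points by its third event, and the third only hits the disabled viewing trigger.
    stays_quiet = [("blocked_commands", 1), ("rating_drop", 8), ("high_risk_sessions", 1)]
    rating_collapse = [("rating_drop", 8), ("blocked_commands", 1), ("rating_drop", 12), ("blocked_commands", 1)]
    disabled_only = [("viewing_attempts_prohibited_time", 1)] * 50
    return {"quiet": monitor(stays_quiet), "rating": monitor(rating_collapse), "disabled": monitor(disabled_only)}
```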
Access control by IP
Attention
Note that when selecting the Deny all option, you will need to include the address 127.0.0.1 (localhost) in the allowed IP list. This configuration is essential because the senhasegura proxy performs access attempts internally and operates on localhost.
| Item | Type | Description |
| --- | --- | --- |
| Allow all/Deny all | Radio button | Defines whether all IP addresses are denied or allowed by default. |
| Add | Button | Adds an entry at the end of the IP address listing. |
| IP Table | Table | The data for each IP access control member includes the fields Start, End, and Action. |
Adaptive MFA by location
| Item | Type | Description |
| --- | --- | --- |
| Add | Button | Adds an entry at the end of the location-based adaptive MFA listing. |
| Location-based Adaptive MFA Table | Table | The data for each location-based adaptive MFA member includes the fields Start, End, and Action. |
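An added example (not senhasegura's implementation) of evaluating the Start/End/Action rows of the IP access control table and the location-based adaptive MFA table, including the Deny all case that breaks the proxy unless 127.0.0.1 is allowed; the addresses are constructed samples and the action values of the location table are an assumption, since the page only names its fields.

```python
import ipaddress

def parse_table(rows):
    """Rows of a table as (Start, End, Action) strings -> list of (start, end, action) address tuples."""
    return [(ipaddress.ip_address(s), ipaddress.ip_address(e), action) for s, e, action in rows]

def match_action(table, client_ip):
    """Action of the first Start..End range that contains client_ip, or None when no row matches."""
    ip = ipaddress.ip_address(client_ip)
    for start, end, action in table:
        if ip.version == start.version and start <= ip <= end:   # never compare IPv4 with IPv6
            return action
    return None

def is_allowed(default_action, ip_table, client_ip):
    """Access control by IP: a matching row decides; otherwise the Allow all / Deny all radio button does."""
    action = match_action(ip_table, client_ip)
    return (action if action is not None else default_action) == "allow"

def mfa_required(location_table, client_ip):
    """Adaptive MFA by location, assuming the table's Action is 'require_mfa' or 'skip_mfa'
    (an assumption: the page only names the Start, End and Action fields); unknown locations require MFA."""
    return match_action(location_table, client_ip) != "skip_mfa"

def demo():
    office = ("10.0.0.1", "10.0.0.254", "allow")
    loopback = ("127.0.0.1", "127.0.0.1", "allow")   # required with Deny all: the proxy calls itself on localhost
    without_loopback = parse_table([office])
    with_loopback = parse_table([office, loopback])
    locations = parse_table([("10.0.0.1", "10.0.0.254", "skip_mfa")])
    return {
        "office_ip": is_allowed("deny", with_loopback, "10.0.0.42"),
        "outside_ip": is_allowed("deny", with_loopback, "203.0.113.7"),
        "proxy_broken": not is_allowed("deny", without_loopback, "127.0.0.1"),
        "proxy_ok": is_allowed("deny", with_loopback, "127.0.0.1"),
        "office_mfa": mfa_required(locations, "10.0.0.42"),
        "unknown_location_mfa": mfa_required(locations, "203.0.113.7"),
    }
```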