Login Security

Login Security

This feature allows you to customize passwords and related Security Policies at the Security Role level which provides maximum control over System access.


  1. From the Admin Dashboard, select the Security Roles button in the Security panel.



  1. Since this area relates to Security controls, you will need to enter your System Password to access these features.
  2. Select the Submit Button.


  1. Choose the Role you want to customize the Password Security, select the View link in the Login Security column.

  1. Enforce Password Blacklist: Restricts commonly used phrases in Passwords and prevents the User's ID from being used as the Password. 
  • Changes made to this setting will take effect the next time a User changes their Password.
  1. Enforce Password History: Assign a minimum number of months before a User can re-use a Password.
  • Changes made to this setting will take effect the next time a User changes their Password.
  1. Inactive Lockout: Set a number of inactive days before locking a User’s account. 
  • The Site Admin will be presented with Inactive users on their Home Dashboard to re-activate or make deactivate.
  • 60 days is the maximum number of days that can be used.
  • Changes to this setting will take effect immediately.
  1. Maximum Failed Attempts: Set a limit for failed password attempts before locking the user's account.
  • The User must contact the Site Admin to change the password.
  • The Site Admin will receive an email when this occurs.
  • The System automatically requires the user to perform a captcha function (I am not a robot) after 3 failed login attempts.
  • Changes to this setting will take effect immediately.
  1. Minimum Password Length: Set a minimum number of characters for a Password.
  • Changes to this setting will take effect immediately.
  • The maximum Password length is 255 characters.
  1. Password Expiration: Set a period that a Password can be used before the User needs to change their Password.
  • Changes made to this setting will take effect the next time a User changes their Password.
  1. Password Notification: Set a number of days before the User is notified about their Password expiration.
  • Changes made to this setting will take effect the next time a User changes their Password.
  1. Require Special Characters: Set a special character requirement for Passwords (any character on the keyboard that is not a letter or number).
  • Changes made to this setting will take effect the next time a User changes their Password.
  1. Require MFA Login to access PHI ReportsRequire users assigned to this Role to use Multi-Factor Authentication in order to access reports that contain Protected Health Information (PHI). The User will enter the code that is sent to them to confirm their identity.
  • The method that is used to send this code is set up on the User's Profile using the Change Password/Two Factor Settings link.
  1. Require Password to access PHI Reports: Require users assigned this Role to enter their password to access Reports that contain Protected Health Information (PHI).
  • Users will be able to access PHI Reports for 10 minutes before being prompted to enter their Password again.
  1. Send Failed Login Reason in an Email: For Failed Login, send the Reason to the Email address that is associated with the User.
  • The email reflects the reason the login failed, such as, the password cannot login on this day, not a valid IP, outside of time frame, etc.
  • The following message will display on the login page:
    Unable to login. If the User exists, an Email has been sent to the User with details of the failed login. Please contact your System Administrator if you did not receive the Email.
  1. Select Save [F2].



    • Related Articles

    • Login Security (Table of Contents)

      Contents Keep Active, Deactivate, and Reactivate User IDs Login Security User Account Lock, Failed Login, and Login Notifications Two-Factor Authentication Password Reset

    • User Account Lock and Login Notifications

      A User will receive an email if: A User has too many unsuccessful login attempts, which will lock the User's account; The User is logging in on a computer that you have not used to log into the System previously; or The User has not logged into the ...

    • Security Overview

      Security Overview To be HIPAA compliant, each user should have their own unique user name and password. Security Level of Site Administrator A Site Administrator has access to all functions in the System. Users that have been assigned the Security ...

    • Managing Security Roles

      Security Roles Security Roles are a collection of Security Permissions. The Site Admin can assign a Security Role to a User to grant the necessary Permissions to do their job. There are six predefined Roles. These Roles can be modified to affect all ...

    • Reports Criteria Overview

      Most Reports default to the Post Date which is controlled by the date used in the Reference Batch. My Reports Panel: The Reports that the User has run are shown in this Panel. You can choose to see Unread reports only. Report History: This is the ...