TABLE OF CONTENTS


Note: This article describes the standard security settings. But the School Settings page allows setting up most of these functions.


Password Strength


GEGI users/students passwords must contain:

  • at least eight characters
  • at least one uppercase and one lowercase letter
  • at least one digit
  • at least one special character (e.g. !@#%^&*()-+=):



Password strength requirements can be defined on the School Settings page (the Cybersecurity Options section):

  • Minimum password length, characters
  • Password must contain uppercase and lowercase letters
  • Password must contain digits
  • Password must contain special characters. Example: !@#%^&*()-+=

Note: The users/students with the passwords that do not meet the requirements will be prompted to change their password after logging in. Therefore if the password requirements change all users/students will have to change their passwords to meet the new requirements.


Password Privacy


After creating a profile for a user or giving access to a student they receive an email with the instructions and a unique link to the page where they will have to set up their new passwords. The users/students will not be able to access GEGI until it is done.

Note: The user notification email is titled "GEGI - New user - Set up password". The students notification email is titled "Now you have access to GEGI - School Name":




The Student "Name": Lead Details and User Details pages allow resetting the password using the Reset Password button under the Access panel:



After that, the user/student receives an email with the instructions and a unique link for the password reset procedure. The user/student will not be able to access GEGI until the password is changed.

Note: The user notification email is titled "GEGI - Password Reset". The students notification email is titled "Password has been reset for your GEGI Account - School Name":




Please, note, that no actual user/student password sent in those emails. There is no way to set a password for any other user/student.

Therefore, nobody can know the password except the user/student who set it up, not even GEGI Support.


Blocking Users/Students After Unsuccessful Login Attempts


Users/students have five attempts to log in to the system. If the user/student fails to enter the correct password after five attempts the user/student account gets blocked:



The user/student will then receive an email notification titled "GEGI - Your account is blocked":



Note: The system will block the usernames (logins) even if they are not yet registered. For example, if a user tries to log in with some username before having got the access to GEGI. The block is removed when the account with that username is created.  


The user/student blocking can be set up on the School Settings page (the Cybersecurity Options section):

  • Block user accounts after some unsuccessful login attempts - should an account be blocked after the certain number of attempts to use an incorrect password
  • Block unknown logins after some unsuccessful login attempts - block non-existing accounts (unregistered usernames)
  • Users can remove the block after password reset - should the block be removed after the user password is reset
  • Students can remove the block after password reset - should the block be removed after the student password is reset
  • Maximum number of unsuccessful login attempts - the allowed number of attempts to use an incorrect password


How to Check Whether a User/Student Account Is Blocked or Not?


The user/students pages have the information about the block in the Status field: on the Student "Name": Lead Details page for students and on the User Details page for users:



How to Find the Blocked Users?


When searching students (Access Status search parameter on the Leads & Students page) or users (Show search parameter on the Manage Users page) you can see the Blocked option to search only the blocked users/students:


  


How to Unblock Users/Students?


Users will have to contact GEGI support to unblock an account.


Users can unblock a student account manually using the Remove Block button under the Access panel on the Student "Name": Lead Details page:



After the block is removed the user/student receives an email with a link to the login page and the password reset page in case the user/student has forgotten the password:



Note: Users and students can manually remove the block by resetting their passwords using the Reset Password button on the login page if the Users can remove the block after password reset and Students can remove the block after password reset settings are enabled in the School Settings.


Regular Password Changing


GEGI features the regular password changing as well as the validation for the new password being different from the previous ones. 

A few days prior to the password change date users receive an email notification.

Furthermore, the system suggests changing the password each time the users log in to GEGI.


Before the due date, the users may skip the password change and proceed with the old one:



The password change becomes a requirement after the due date:



After changing the password, the user receives a confirmation email:



The automatic password change can be configured for users and students separately:



  • Password Expiration Period, months - how frequently the passwords should be changed (every 6 months by default).
  • Notify Before the Password Expires, days - the users get notified about the password change this number of days before the password expiration date (7 days by default).
  • Number of Passwords Generations that Cannot be Reused - how many times the user must choose a unique new password before any of the previous passwords can be used again (5 unique passwords by default).
  • Period for Which Passwords Cannot be Reused, months - how much time should pass between using the same password again (5 months by default).