https://help.tallysolutions.com/docs/te9rel64/Data_Management/DM_Pwd_Policy.htm

Password Policy

Keeping financial data safe is of utmost importance to preserve its purity, avoid unauthorized changes and to keep customers’ financial information safe.

A good password policy will enhance data security and allow only authorized users to view financial data. In Tally.ERP 9, the Administrator can set a password policy in place; which users will have to adhere to, while creating and managing passwords for their company.

Features of Password Policy

Password Strength

Password Strength is the level of complexity which is attributed to your password, which will keep it safe from unauthorized attempts to retrieve or guess it. The components that decide the strength of a password are its length, complexity and unpredictability.

Using strong passwords lowers overall risk of security breach, but strong passwords do not replace the need for other effective security controls.

Password Strength is one of the password policies that comprise of two elements:

Minimum Password Length is the least number of characters that a password for a user, should contain.

Password Combinations helps users to strengthen their passwords and makes it difficult for unauthorized users to figure out these passwords.

Password Expiry

Password Expiry is a mechanism which requires users to change their passwords regularly. This is done because, over time users tend to give out their passwords, write it down, or otherwise compromise the secrecy of their passwords. Passwords leaked over time pose a security risk, which is mitigated by Password Expiry.

Password Expiry mechanism expects users to change their passwords at regular time intervals. This time interval is defined by the Administrator.

For example: If Administrator configures the Password Expiry as 90 days, users have to change their passwords every 90 days.

Password Expiry has another feature:

Notifying users when password expires .

Users will be notified before their passwords get expired, when they log-in to the company.

For example: If Administrator configures the Notification to be sent before password expiry as 5 days. Users will be notified from the 85th day about the password expiry till they change the password.

Password History

It’s possible to maintain a user’s password history and prevent the user from re-using their old passwords. The Administrator can specify how many previous passwords that should be stored in the Password History .

This would help in maintaining the secrecy of the Company data.

Policy Overriding

Some users can be excluded from following the Password Policy as they might be higher up in grade than the Administrator, like Supervisor, Manager, etc. For these users the Administrator can remove the Password Policy.

Allow user to change Password

The Administrator can allow a user to change his/her own password at any point in time as per the Password Policy described.