Administration | Configuration | Login and Password Expiration
Introduction
The Session and Password Expiration module in CheckOp allows you to configure essential security policies to protect information and access to the platform. You will be able to define how long a session can remain inactive before it automatically closes and how often users must change their passwords. This helps minimize security risks and maintain the integrity of your data.
Function Location
- Function can be found under Administration -> Configuration -> Session Timeout and Passwords
No Activity Session Expiration
Recommended Values
| Security Level | Recommended Time | Use Case |
|---|---|---|
| High | 5 minutes | Highly sensitive information, shared environments |
| Medium | 10 minutes | Standard corporate use |
| Low | 30+ minutes | Low sensitivity environments |
When a Session Expiration Occurs
-
The system detects that there has been no activity for the time setthe configured time
- The session is automatically logged out
- User is redirected to the login screen
- A message is displayed informing that the session has expired due to inactivity.
- To continue working, the user must authenticate again.
Unsaved tasks may be lost when a session expires. It is advisable to save work frequently. The platform does not consider fields where you are typing without submitting as "activity" - it only records complete interactions with the server.
User Password Expiration
Recommended Values
| Security Level | Recommended Time | Use Case |
|---|---|---|
| High | 30 - 60 days | Environments with highly sensitive data, financial or medical information |
| Medium | 60 -90 days | Standard corporate use, customer data |
| Low | 90 - 180 days | Environments with low sensitivity information |
| Security Level | Recommended Time | Use Case |
|---|---|---|
| High | 5 minutes | Highly sensitive information, shared environments |
| Medium | 10 minutes | Standard corporate use |
| Low | 30+ minutes | Low sensitivity environments |
When a user's password expires in the CheckOP system, the following process occurs:
- Initial Login: The system allows the user to log in with their current password (even if it has expired).
- Automatic redirection: Immediately after login, the user is automatically redirected to the password change screen.
- Access restriction: The user cannot access any module or functionality of the system until he updates his password.
- Mandatory update: The user must set a new password that meets the security requirements configured in the system.
- Normal continuation: Once the user has successfully updated his password, he can normally access all system functionalities according to his permissions.