Intacct Security Settings: Passwords

Keeping Your Accounting Data Secure with password policies is an important piece in our high tech world. How often will you force your users to update their password?  How long will you require passwords to be?  How frequently will you allow users to re-use passwords?  With Intacct you can set up all of these things and more!

The password settings for your Intacct Solution can be found under Company > Company Information > Security as shown below.

Keeping Your Accounting Data Secure - Company Info

It’s important to note that the password settings are global, so once they are set they will apply to all users.  Unlike the time out settings detailed last week, users are unable to override these password settings.

The first setting you will see is Password Change Duration.  There are many options for this setting and it might take some time to find the right one for your company.  What is important here is finding a good balance between maintaining password security while not annoying your users with changes too frequently.  The options here are as follows:

  • Weekly
  • Bi-weekly
  • Monthly
  • Bi-monthly
  • Quarterly
  • Six-monthly
  • Yearly
  • Never *

* The ‘Never’ option mentioned above is not available for implementations created after August 2016 in order to ensure passwords are updated once a year at a minimum.

Keeping Your Accounting Data Secure - Change Duration

Next you will want to set the Minimum Password length required.  This can be anywhere from 8 characters to 72 characters.  Since the recommended best practice is to set minimum password length to 8 characters, this is the lowest number allowable here.

Another security measure available in Intacct is to prevent the users from reusing a previous password.  The minimum setting here is 3 which means that when doing a password reset the user cannot use any of the previous 3 passwords.  This setting will discourage the users from cycling through several common passwords.

Keeping Your Accounting Data Secure - Reuse Options

The Maximum sign-in attempts per day setting is very useful for keeping hackers out of your valuable data.  With the minimum being 1 and the maximum being 20 you should be able to find a setting that will satisfy your organization.  Once the maximum number of sign in attempts is achieved the user account will be locked and the user must contact an Administrator to be unlocked.  Each successful log in will reset this counter back to zero.

Another way to keep unwanted intruders out of your data is to restrict the number of password resets per day.  The Maximum reset attempt per day setting is where you can set this security measure up.  Intacct allows you to have either No Limit on reset attempts or between 1 and 10 attempts allowed.  It is typically recommended that this be set to 5 or less.

Keeping Your Accounting Data Secure - Reset Attempts

In addition to the above settings all Intacct passwords must contains at least one number, one lowercase letter, one uppercase letter and one special character (~`!@#$%^&*()_-+=>{}[]<>?/\.,:;’”)