Security Settings

Security Settings: This section establishes requirements for locking the chart and managing access through passwords. These settings apply to all offices in the account.

Locking: Locking the chart prevents entries from being changed or deleted, preserving the integrity of the data. The lock applies to conditions, existing, and completed treatments, though planned treatments may be included if desired. Any items deleted after the lock date will be displayed with a strikethrough, though the strikethrough items may be hidden using filters.

• Lock chart after ___ days: Enter the number days the practice will allow editing of entries before the chart is locked (between 1 and 35). If no number is entered, no lock requirement will be applied.
• Include planned items: Click this checkbox to include planned items in the lock requirement.
• Lock documents after___days: Enter the number of days the practice will allow editing before documents are locked. If entered, the maximum allowed is 35.

Password: Password settings improve security and reduce potential breaches. The practice must decide password strength requirements and any rules for locking. These requirements focus on timing and are separate from any requirements for incorrect entries. If a password expiration or modification requirement is set, the number of days may be set for as many as 999 days.

Days before requiring password change: Enter the number of days the practice will allow a user to use a single password before receiving a warning to change it. For example, if the practice enters 50 days, the user will be prompted to change his or her password beginning on the 50th day following the most recent change. The prompt appears after the user logs in but before the first QSIDental Web window opens. The user will be able to close the window and skip changing the password, but will receive the warning at each login either until the password is changed or until it expires. Once modified, the password timing resets and the user will be able to use the new password.

Days before expiring unmodified passwords: Enter the number of days the practice will allow a user to use a single password before being required to change it. For example, if the practice enters 60 days, the user’s password will expire on the 60th day following the most recent change. Once expired, the password can only be reset by the administrator.

The requirements for warning and expiring passwords work in concert with one another to provide ample warning to the user and protection for the practice. In the examples above, the practice warns users to change the password on the 50th day and expires the password on the 60th day. By using such an arrangement, the user receives a prompt to change the password every day beginning on the 50th day until the user either changes the password or until the 60th day when the password will expire.

The specific date on which the user will receive the warning is calculated based on the Password Last Modified field in the User Setup window on the Login Info tab. If the user’s password has never been modified (unmodified), no calculation can be made and the user will not be subject to the requirements. QSIDental recommends the Administrator create the user with a temporary password and ask the user to change it when they first login. Alternatively, the administrator can manually change the password (Edit User, Change Password button.) This will establish the Password Last Modified date so that all of the warning and expiration options will have a base date.

Password Requirements: Several options are available to the practice to establish strength requirements:

• Minimum password length: Enter the minimum number of characters for a user password.
• Password must include at least one upper and lower case letter: Click the checkbox to require the user’s password to contain both upper and lower case letters.
• Password must include at least one number: Click the checkbox to require the user’s password to contain a number.
• Password must contain at least one symbol character: Click the checkbox to require the user’s password to contain a special symbol such as !@#$%^&*()
• Password entered at login in exact reverse case is permitted: Click the checkbox to allow a user to enter the password in reverse case. For example, if the user’s password is QSIDental and he enters qsidENTAL, the password would be accepted.
• Number of previous passwords to be excluded: Enter the number of passwords the user must enter before being able to reuse a previous password. For example, if the practice sets this value as 3, the user must use four separate passwords before being able to reuse the first one.

Account locking options can warn and ultimately block access for a user that has entered the incorrect password more than the allotted times. These requirements focus on incorrect entries and are separate from any expiration requirements.

• Attempts allowed with invalid password before the account gets locked. Enter the number of times a user may enter an incorrect password before the account will be completely locked. For example, the practice will allow 20 attempts before locking an account.
• Attempts for warning to be displayed before account gets locked: Enter the number of times a user may enter an incorrect password before the user receives a warning that the account may be locked.

  

The requirements for warning and locking passwords work in concert with one another to notify the user he or she has entered an incorrect password. For example, the practice locks the account after 20 incorrect password entries, but warns users after 1 attempt. By using such an arrangement, the user receives a warning after the first attempt and can see how many attempts remain before the account is locked.

Locking Period (in minutes) for user after invalid logins: Enter the amount of time in minutes that the user must wait before attempting to reenter the password after the account has been locked. For example, if the practice sets this value at 15, the user must wait 15 minutes before being able to retry his or her password. An administrator may manually lift the lock by editing the user account. Deselect the checkbox beside Yes in the Account Lockout field.