Managing account and access settings
System Administrators can manage user account and session settings via the Access Settings tab within Settings > Users & Access. This enables organizations to align user access with their security policies. This document provides instructions for configuring password settings, two-factor authentication, session inactivity timeout, and login failure/lockout rules for all users.
How to configure password settings
System Administrators can define password settings to enforce regular password changes for Acunetix user accounts. They can also control whether users are allowed to reuse previous passwords and set the criteria for password expiration.
- Log in to Acunetix.
- Select Settings from the side menu.
- Select Users & Access > Access Settings.
- In the Password history field, input the number of unique new passwords a user must set before they can reuse an old password. Enter 0 if you don't want to enforce this setting.
- In the Password max age field, input a number to determine how often users must change their password. For instance, entering 90 means users must change their Acunetix account password every 90 days. Enter 0 if you don't want to enforce this setting.
- Click Save at the bottom of the page.
How to enable Two-factor authentication
Enabling this option prompts users to configure two-factor authentication (2FA) during their next login. For instructions on setting up 2FA, refer to How to configure 2FA for your account in the user documentation.
- Log in to Acunetix.
- Select Settings from the side menu.
- Select Users & Access > Access Settings.
- In the Two-factor authentication section, select Yes to enable 2FA.
- Click Save at the bottom of the page.
Session and lockout settings
This section allows you to set rules for automatic logout or account lockout in Acunetix. You can configure parameters such as inactivity timeout, the number of failed login attempts, and the time frame for those attempts. Additionally, you can specify a lockout period, after which users can log in again if they were previously locked out of their accounts.
How to configure session timeout
- Log in to Acunetix.
- Select Settings from the side menu.
- Select Users & Access > Access Settings.
- Scroll down to the Session and lockout settings section.
- In the Inactivity Timeout field, input the number of minutes after which all user sessions will expire, prompting users to log in to Acunetix again. Using the default setting of 0 will result in user sessions timing out after 10 hours.
- Click Save at the bottom of the page.
How to configure maximum consecutive login failures
- Log in to Acunetix.
- Select Settings from the side menu.
- Select Users & Access > Access Settings.
- Scroll down to the Session and lockout settings section.
- In the Maximum Consecutive Login Failures field, input the number of consecutive login failures allowed for users before they are locked out of their Acunetix account. Enter 0 if you do not want to enforce this setting.
- Click Save at the bottom of the page.
How to configure the time window
- Log in to Acunetix.
- Select Settings from the side menu.
- Select Users & Access > Access Settings.
- Scroll down to the Session and lockout settings section.
- In the Time window field, specify the time period within which the configured number of consecutive login failures must occur to trigger a lockout. The default setting is 60 minutes. Enter 0 if you do not want to use this setting.
- Click Save at the bottom of the page.
How to configure lockout time
- Log in to Acunetix.
- Select Settings from the side menu.
- Select Users & Access > Access Settings.
- Scroll down to the Session and lockout settings section.
- In the Lockout time field, input the number of minutes that must pass before a user can attempt to log in again after being locked out of their Acunetix account. The user remains locked out for this period. The default setting is 30 minutes. Enter 0 if you do not want to enable this setting.
- Click Save at the bottom of the page.
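
To see how the Maximum Consecutive Login Failures, Time window and Lockout time fields interact before changing them, the following Python model is an added example, not Acunetix code. Its semantics are assumptions: a successful login resets the failure count, failures older than the time window stop counting, and every attempt during the lockout period is rejected. The sample events and the value 3 for maximum failures are constructed.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    max_failures: int        # Maximum Consecutive Login Failures; 0 = not enforced
    window_min: int = 60     # Time window in minutes (page default); 0 = not used
    lockout_min: int = 30    # Lockout time in minutes (page default); 0 = not enabled

def evaluate(policy, events):
    """Classify each login attempt for one account.

    events: list of (minute, password_ok) tuples in time order.
    Returns a list of "ok", "fail" or "locked", one per attempt.
    """
    failures = []        # timestamps of the current run of consecutive failures
    locked_until = None
    results = []
    for minute, password_ok in events:
        if locked_until is not None and minute < locked_until:
            results.append("locked")   # rejected even with the right password
            continue
        locked_until = None
        if password_ok:
            failures.clear()           # assumption: success resets the count
            results.append("ok")
            continue
        failures.append(minute)
        if policy.window_min:
            # Assumption: only failures inside the time window are counted.
            failures = [t for t in failures if minute - t < policy.window_min]
        results.append("fail")
        if policy.max_failures and len(failures) >= policy.max_failures:
            if policy.lockout_min:
                locked_until = minute + policy.lockout_min
            failures.clear()
    return results

# Constructed sample: (minute, password_ok) attempts against one account.
SAMPLE = [(0, False), (10, False), (20, False), (25, True), (49, True),
          (50, True), (100, False), (170, False), (180, False), (190, True)]

if __name__ == "__main__":
    policy = LockoutPolicy(max_failures=3)   # 3 is a constructed value
    for (minute, _), verdict in zip(SAMPLE, evaluate(policy, SAMPLE)):
        print(f"t={minute:>3} min  {verdict}")
```

With the 60-minute window, the failures at minutes 100, 170 and 180 do not lock the account because the first has aged out; with the window set to 0 in this model, the same three failures do.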