As data breaches become more common, organizations start re-examining their security policies. In particular, they look at how their employees access company cloud-based services. In the past, IT teams would secure employee devices and tools with VPNs or company-owned hardware. But the rise of cloud applications and mobile devices brought new security challenges. Employees can now work from anywhere, on any device, and use various networks to access company data. Hackers can use that to intercept employee passwords and find an easy way to gain access to corporate systems. That’s why IT leaders need to take action now and protect their organizations against these threats. And the password security problem should be at the forefront of their mind.
A report by Preempt revealed that 19% of enterprise professionals tend to use weak passwords or share them, which makes their accounts easily compromised. If your team uses Jira in their daily work, you need to make sure that their accounts are protected by strong passwords that are changed on a regular basis and match the industry standards. We designed the Enterprise Password Policy app to do just that.
Jira offers a password policy feature out-of-the-box, which enables administrators to set restrictions and limits on the types of passwords for Jira users. This feature is disabled by default, so to take advantage of it, you first need to turn it on and configure it according to these instructions. Remember that the policy will only work as long as Jira users can change their passwords. For example, if your Jira instance is connected to Active Directory, it doesn’t make sense to use this feature. Our app complements it and gives Jira administrators full control over various aspects related to setting, managing, and renewing passwords.
We designed the app to boost the strength of user passwords on the basis of rules defined by Jira administrators. Here are some key features of Enterprise Password Policy that come in handy to every administrator who wants to ensure the top security of their Jira instance:
The app will support only users located in the Jira Internal Directory. After the first login, new users will be redirected to a special change password page where they have to input their password to be validated. That’s where administrators make sure that new passwords meet their rules.
Here is what the change password page looks like:
Users will see all the rules defined by the administrator for creating a new password. In this example, a valid password must match at least three of the four rules established by the administrator in the bullet point list. Moreover, the administrator also defines the length of the password between 8 and 250 characters and reminds users that they can’t set a password they have used previously.
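The check described above can be sketched as follows. This is an added example, not the app's own code: the four rules are assumed to be character classes (the page does not list them), and the function names, the PBKDF2 parameters, and the sample history are constructed for illustration.

```python
import hashlib
import hmac
import os
import re

# Assumed rule set: the page mentions four administrator-defined rules but does not list them.
RULES = {
    "uppercase letter": re.compile(r"[A-Z]"),
    "lowercase letter": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special character": re.compile(r"[^A-Za-z0-9]"),
}
MIN_RULES, MIN_LEN, MAX_LEN = 3, 8, 250  # values from the example in the text

def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds plaintext passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest

def was_used_before(password, history):
    """history is a list of (salt, digest) pairs for the user's earlier passwords."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )

def validate(password, history):
    """Return a list of violations; an empty list means the password is accepted."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length must be between {MIN_LEN} and {MAX_LEN} characters")
    missed = [name for name, rx in RULES.items() if not rx.search(password)]
    if len(RULES) - len(missed) < MIN_RULES:
        problems.append(f"must match at least {MIN_RULES} of {len(RULES)} rules; "
                        f"missing: {', '.join(missed)}")
    if was_used_before(password, history):
        problems.append("password was used previously")
    return problems

# Constructed sample history for one user.
HISTORY = [hash_password("Winter2023!"), hash_password("Spring2024!")]

if __name__ == "__main__":
    for candidate in ("Winter2023!", "alllowercase", "Sh0rt!", "correct Horse 7"):
        print(repr(candidate), "->", validate(candidate, HISTORY) or "accepted")
```

Returning every violation at once lets the change password page show the user all failed rules in a single pass.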
If the administrator enables the password expiration notifier, users will get an email informing them that their password stored in Jira, Confluence, and Bitbucket server will expire soon. Administrators can change the content of the email message to match their needs. If the password expiration policy is enabled for Jira users, the users whose passwords have expired will be forced to change their password while attempting to log in to the Jira, Confluence, and Bitbucket server. If their account is locked, their attempt to log in will fail, and they will see the following message: ‘Your password has expired and must be changed.’
As Andrew Rossow stated in the Forbes article, ‘Security should be as easy to use as apps – swiping, shaking and a few clicks should get you what you want.’ With our app, you can protect your organization from security breaches by enforcing a smart password policy which ensures that users create passwords according to your rules, never share or reuse them, and fail to log in once they expire.
Curious about Enterprise Password Policy? Feel free to drop us a line at support@deviniti.com.
Dzmitry Hryb _Deviniti_
Marketing Manager
Deviniti
Wrocław, Poland