Managing account and access settings

System Administrators can configure user account and session settings on the Access Settings tab available under Settings > Users & Access. This allows customers to manage their users' access to Acunetix in line with their own organization's security policies.

This article explains how to configure password settings, two-factor authentication, session inactivity timeout, and login failure/lockout rules for all users.

Configuring password settings

System Administrators can specify password settings that force users to change their Acunetix user account password after a defined period and decide if/when users can use their previous passwords.

How to configure password settings

  1. Log in to Acunetix.
  2. Select Settings from the side menu.
  3. Select Users & Access > Access Settings.
  4. Enter a number in the Password history field. This is the number of unique new passwords that a user must set before they are permitted to re-use an old password. Enter 0 if do not want to utilize this setting. 
  5. In the Password Max age (days) field, enter a number to specify how frequently users will be required to change their password. For example, if you enter 90, that means every 90 days, your users will be forced to change their Acunetix account password. Enter 0 if do not want to utilize this setting.
  6. Click Save at the bottom of the page.

Two-factor authentication

When you enable this option, each user is requested to configure two-factor authentication (2FA) for their account at their next login. For user information about configuring two-factor authentication, refer to How to configure 2FA for your account.

How to enable two-factor authentication

  1. Log in to Acunetix.
  2. Select Settings from the side menu.
  3. Select Users & Access > Access Settings.
  4. In the Two-Factor Authentication section, select the checkbox next to Require Two-factor Authentication for all users.
  5. Click Save at the bottom of the page.

Session and lockout settings

Use this section to configure rules for when users are automatically logged out of Acunetix or locked out of their accounts. This could be due to user inactivity for a specified period, multiple failed login attempts, or failed login attempts within a specified period. If users are locked out of their accounts, you can also set a lockout period, after which time they can log in to their accounts again.

 

How to configure session timeout

  1. Log in to Acunetix.
  2. Select Settings from the side menu.
  3. Select Users & Access > Access Settings.
  4. Scroll down to the Session and Lockout Settings section.
  5. Enter a number in the Inactivity Timeout (minutes) field. This is the number of minutes after which time all user sessions will expire and users will be required to log in to Acunetix again. If you use the default setting of 0, user sessions will timeout after 10 hours.
  6. Click Save at the bottom of the page.

How to configure maximum consecutive login failures

  1. Log in to Acunetix.
  2. Select Settings from the side menu.
  3. Select Users & Access > Access Settings.
  4. Scroll down to the Session and Lockout Settings section.
  5. Enter a number in the Maximum Consecutive Login Failures field. This number determines how many times users can fail to log in to Acunetix. After the specified login failures, the user is locked out of their account. Enter 0 if do not want to utilize this setting.
  6. Click Save at the bottom of the page.

How to configure the time window

  1. Log in to Acunetix.
  2. Select Settings from the side menu.
  3. Select Users & Access > Access Settings.
  4. Scroll down to the Session and Lockout Settings section.
  5. Enter a number in the Time window (minutes) field. This number determines the period in which the login failures need to occur. The default setting is 60 minutes. Enter 0 if do not want to utilize this setting.
  6. Click Save at the bottom of the page.

How to configure lockout time

  1. Log in to Acunetix.
  2. Select Settings from the side menu.
  3. Select Users & Access > Access Settings.
  4. Scroll down to the Session and Lockout Settings section.
  5. Enter a number in the Lockout time (minutes) field. This number determines how many minutes need to pass before a user can try to log in again. The default setting is 30 minutes. During the specified period, the user remains locked out of their Acunetix account. Enter 0 if do not want to utilize this setting.
  6. Click Save at the bottom of the page.

« Back to the Acunetix Support Page