Last Updated: 2023-01-31 19:00:31
Curator 101: Boost Site Security with New Password Settings
Keith Brandenburg
May 9, 2022
It’s always a good idea to keep your site as secure as possible. Beyond settings like https, multi-factor authentication and firewalls, you can now set better password policies. Password complexity options allow you to set stricter rules for passwords to prevent users from creating weak passwords. Password expiration allows you to require users to change their passwords on a frequent basis. Let’s take a deeper look into these two settings.
Password Complexity Options
Password complexity allows you to set rules to require stronger passwords. To enable and configure password complexity options, go to Backend > Settings > Curator > Portal Settings. Under the general tab, you will find a section called Security. Expand that, and you can now find the Password Complexity Options toggle. Please note that in order to view and configure this setting, you must have Password Change or Password Reset settings (or both) enabled, which require you to use Tableau or Curator as your authentication:
Once you toggle on Password Complexity Options, you will see three different options you can set to require stronger passwords:
It’s a good idea to set a long length requirement, the longer the better, but don’t go too overboard or your users may want to write their passwords down on a Post-it note attached to their display. The first time you enable this setting, it will default to 10.
Once enabled, you will now see these requirements on pages that allow you to set a password:
Password Expiration
Password expiration can be found on the same Portal Settings page and tab, right next to the Password Complexity Options. Like the prior option we looked at, you must have Password Change or Password Reset enabled to be able to view password expiration. Click the toggle to enable it, and you will now see you can set the number of days until user passwords will expire:
If enabled, the login page will check to see if the user’s password is expired and, if so, redirect them to a page to set a new password. Once this is done, they will be able to log in with the new password.
Setting a prudent expiration date, such as 90 days, and turning on password complexity options are easy, effective ways to make your Curator portal even more secure.
Recently, Tableau has been encouraging the use of connected apps for external applications, instead of using trusted tickets. All of Tableau’s recent embedding features require connected apps. Since this only deals with behind the scenes authentication, there is no impact to the end user. In our effort to remain closely aligned with Tableau, Curator is transitioning to only using connected apps.
Curator has added the feature to be able to send mark commenting data to a webhook. With the widespread use of API integration platforms, this really opens the doorway to virtually unlimited use cases.
If you’ve got users reporting access issues, your first stop on the road to resolution should be the User Menu Access button. This feature gives you a snapshot view of any given user’s current menu structure, as well as their permissions status for all the content within that menu.