Skip to content

System Operator Ground Rules

System Operator Ground Rules

Use the System Operator Ground Rules page to set your organization's password policies for Volgistics System Operators. If you are not already on the System Operator Ground Rules page, you can there by:

  1. Choose Setup from the menu.
  2. Expand System Operators.
  3. Select Ground Rules.

The settings on this page affect the passwords and log in process used by Volgistics System Operators. They do not affect passwords or the log in process used by volunteers or coordinators. Those users access the VicNet portal so the password settings are found on the VicNet Ground Rules page.

Protect Your Account with Strong Passwords!

Volgistics takes the security of your data very seriously and follows industry best practices to make sure the system is safe. However, industry experts agree that the greatest threat to security is often the human factor presented by Operators using easy-to-guess passwords. You can prevent this by using the settings on this page to require new passwords to meet strength requirements. Common recommendations for strong passwords appear below. Items you can enforce with the settings found on the System Operators Ground Rules page appear with an asterisk (*) after them.

  1. The password should not simply be a word (or string of words) found in the dictionary. Requiring items 3 and 4 on this list should help prevent this.*
  2. The password should contain upper and lower case letters.*
  3. The password should contain numbers as well as letters.*
  4. The password should contain symbols (such as $, &, or ) as well as letters.*
  5. The password should be adequately long. Many feel that passwords should be 14 characters or longer to be secure.*
  6. The password should be unique to Volgistics. Meaning the password should not be used at any other website. You cannot enforce this with the settings on the System Operators Ground Rules page, but you can counsel your Operators to adopt this strategy.

For even greater security, you can turn on two-factor authentication so a code is required after the password to log in to the account. See the Two-Factor Authentication section below to enable this for your account.*

Password strength rules

Must be at least x characters long

Use this control to specify a minimum password length for Volgistics System Operator passwords. Choose any number between 6 and 30. For example, if you want to require that Volgistics System Operator passwords be at least 12 characters long, select 12 here. The system will prevent System Operators from choosing a password that is shorter than this.

Generally, longer passwords provide better security.

Must contain a combination of letters and numbers

When you check this box, new Volgistics System Operator passwords must contain some combination of letter characters (a through z) and number characters (0 through 9). When this box is not checked, new Volgistics System Operator passwords may contain just letter characters, just number characters, or some combination of both.

Generally, passwords that contain a combination of letters and numbers provide better security.

Must contain a combination of lower case and uppercase letters

Check this box if you want to require that passwords contain both lowercase and uppercase letters. When this box is not checked, passwords may contain all lowercase, all uppercase, or both lowercase and uppercase letters. This option is not available unless the option to make passwords contain letters and numbers is selected.

Must contain some characters that are not letters and numbers (such as !#$&?)

Check this box if you want to require passwords to contain at least one character that is not a number (0 through 9) or a letter of the alphabet (a through z).

Never expire

Expire every x days

Choose Never expire if you not want to require Volgistics System Operators to change their Volgistics passwords periodically.

Choose Expire every x days if you want to require Volgistics System Operators to change their Volgistics passwords periodically. Use the drop-down list to choose how frequently passwords should expire.

If you choose to have your System Operator passwords expire periodically, System Operators will receive a notice that their password will expire soon on the Welcome page beginning one week before their password will expire. System Operators may change their password when see this notice. If a System Operator does not change their password before it expires, Volgistics will require them to update their password the next time they log in.

Require New Passwords

After you update your account's password strength settings to protect your account, make sure Operators update their passwords to comply with the new requirements. Follow these steps to do this:

  1. Select Setup from the menu.
  2. Expand System Operators.
  3. Select an Operator's name from the list.

  4. Check the box in front of Operator must change their password when they login next.

    Image Must Change Password Setting

  5. Click the Save button at the bottom of the page.

  6. Repeat steps 1-5 for each Operator record you want to require to set a new password.

Two-Factor Authentication

You can enable two-factor authentication for your account to provide extra security when Operators log in. This will require them to enter a single-use code sent to them by email or to an authenticator app after they enter their password. See Getting Started With Two-Factor Authentication for more information about setting up this feature. The How to Log In help topic has details on how this impacts the log in process.

Check the box in front of Two-Factor Authentication to enable two-factor authentication for your account. Turning on two-factor authentication automatically makes it required for every Operator in your account. It can be disabled on an Operator-by-Operator basis if needed on the System Operator's record.

Allow devices to remember authentication

Check the box in front of Allow devices to remember authentication if you only want to require the two-factor authentication process the first time the Operator logs in using their own computer. When this is checked, the Operator will just need to enter their password when they are logging in on their own computer. The additional code will still be required if the Operator uses a different web browser or computer, or clears the cookies and history from their usual web browser.

Uncheck the box if you want the two-factor authentication process to be required each time Operators log in.

Only allow authorized app once set up

Check the box in front of Only allow authenticator app once set up if you only want the Operator to use an authenticator app to get the single-use code. When this is checked, the code will be sent by email initially until the Operator validates their authenticator app. After that the option to have the code sent by email will be removed.

System Operator Ground Rules