This page allows setting new security levels to new security levels to all MailUp accounts.
Each administrator can set up user password user password expiration policies that policies that may also include:
- Password expiration, choosing between:
- Passwords should not expire,
- Set a mandatory password change and how often it expires.
Password change settings: it allows to force the new password to be different than the last N used.
Password strength requirements:
- Basic: minimum minimum 8 characters in length,
- Medium: minimum minimum 8 characters in length with at least one uppercase letter and one number,
- Advanced: minimum minimum 8 characters in length with at least one uppercase letter, one number, and one special character.
Two-factor authentication (2FA) adds an additional layer of security to the authentication process by making it harder for attackers to gain access to MailUp platform.
Two-factor authentication (also known as two-step verification) is associates a security code delivered through a mobile device to the classic account password. Once activated, when first entering in the platform, users will be asked to scan the QR code on the login page and enter a verification code generated by an application installed on a device in their possession. To use this option, users will need to download the Google Authenticator app or another two-step verification app like Authy.
Since then, during the login MailUp will ask your username and password as usual. A second page will then be displayed asking to enter a verification code received on the associated mobile device.
The Two-factor authentication is by default disabled. The administrator accounts can enable the option:
- for all users
- for certain users
- by looking for them manually in the search bar
- by selecting all users and excluding the one you want to disable the option for.
When a user logs in for the first time after 2FA has been enabled at a user level, MailUp will ask to follow this 3 steps:
- Download Google Authenticator app on your mobile device.
- Open Google Authenticator app and add a new website: it will ask you to scan the QRcode.
- Enter the numerical code shown in the app.
Starting from now, to enter your MailUp platform, you will need to insert your username and password and the verification code.
In case a device connected to a MailUp user is no more available, the 2FA can be reset from the “User permissions” page by selecting “Reset two-factor authentication” in the Actions available for an existing user. At the next login, this user will be asked to associate another device with a QR code.