This Configuration panel gives practices more options for password and workstation access security, in accordance with ADHA recommendations for the current version of Electronic Prescribing.
For information on granting and restricting access to features within Bp Premier, see User Permissions.
NOTE As of Orchid, Bp Premier enforces case sensitivity for user passwords, regardless of whether or not strong password complexity is enabled
Set password and access security
- Log in as a user with the Configuration permission set to 'Allow access'.
- Select Setup > Configuration from the main menu, and select the Security tab.
- Configure the following options to suit your practice. Tick an option and update the value to enable that setting.
- One uppercase letter
- One lowercase letter
- One symbol (such as the Shift+number keyboard characters)
- One digit character
- Click Save.
|
Field |
Description |
|---|---|
|
Minimum password length |
Minimum number of characters to be a valid password. The default is six characters. The maximum password length is always 20 characters. |
|
User lockout threshold |
Number of failed login attempts before the account is locked for the amount of time specified in 'User lockout wait period'. |
|
User lockout wait period |
Number of seconds before a user who is locked out can reattempt login. |
|
Maximum password age |
Number of days the same password can be used before Bp Premier will force the user to update their password. |
|
Password reuse interval |
Number of days before a user can reuse the same password, between 1 and 999 days. |
|
User inactivity timeout (electronic prescribing only) |
Number of minutes with no interaction from mouse or keyboard before Bp Premier will prevent a user from sending electronic prescriptions. Users will need to revalidate their Bp Premier password to send an electronic prescription. The re-login must be from the locked-out user. |
|
Strong password complexity |
Enforces 'strong' password complexity for all user accounts. NOTE As of Orchid, Bp Premier enforces case sensitivity for user passwords, regardless of whether or not strong password complexity is enabled A complex password must contain at least one each of the following characters: |
When do I need to update my password?
If a password security setting is ticked and enabled and configuration saved, if a user's password does not meet the security requirements when they next log in, the user will be asked to create a new password that conforms to the new setting.
If the minimum password length is updated, users will be asked to conform to the new password length the next time they change their password, not next login.
Communicating changes
Users with passwords that do not meet the length and complexity criteria will not be able to log in until their password has been updated to the new standard. Ahead of the change, Best Practice Software recommend the following:
- Update your practice's policy for workstation access to include standards for password length and complexity.
- Communicate to your staff that password security has been introduced and provide a 'grace period' opportunity for all staff to update their passwords, for example, to meet minimum length and to contain at least one symbol and digit character.
You may find RACGP resources on information security useful in setting up your practice policies.
You may wish to use the internal messaging function to communicate any changes to password security. Remember that users will not see this message until after they have successfully logged in.
Set passwords for new users
As of Saffron SP2, the Force password change on next login check box has been added to the New user screen. If Force password change on next login is selected, the new user will be required to change their password when they next log into Bp Premier.
See Add or update a user for more information.
Related topics
Last updated: 29 August 2023.
AU 