All Categories ​ > ​ ​Admin Guide ​ > ​ ​Account Set-up ​ > ​     Enhance Account Security by Activating Security Settings

Enhance Account Security by Activating Security Settings

It is possible to increase the security of your accounts by activating security settings such as:

  • Password expiration
  • Blocking password reuse
  • Blocking automatic password recovery

Password Expiration

As an admin, you can make passwords expire to enhance account security by requiring users to change their passwords regularly.

To do this:

  1. Go to Admin, then select Users and Access.
  2. In the submenu Security Settings, locate the field Maximum Password Validity Period.
  3. Enter the time period during which a password can be used.
  4. Click Save.

  • The period can vary from 0 to 999 days, with 0 meaning the password never expires.
  • If the user has an email inbox:

Two notifications will be sent to the user before the password expires (7 days before and on the day of expiration).

  • If the notifications are ignored, the user will be redirected to the password reset page.
  • If the user uses a fictional address:

They will be redirected to the password reset page.

To change your password on Expensya:

All users are able to change their password. To do so;

  1. Click on the icon with your initials at the top left of the page.
  2. Click on Password.
  3. Enter your old password and the new password.
  4. Confirm by clicking the Confirm button.

Please refer to this article for more information: Password Management - Expensya - Expense Reports - Help.

Blocking Password Reuse

It is possible for admins to prevent users and administrators from reusing old passwords that have been previously used in Expensya during password reset.

To do this:

  1. Go to Admin then select Users and Access.
  2. In the submenu Security Settings, activate the option Block the reuse of old passwords.

Blocking Automatic Password Recovery

It is possible or admins to prevent users and administrators (with limited access) from recovering their accounts using the automatic password recovery system. This means they will not be able to recover their accounts using the Forgot My Password functionality in case they forget their password.

To do this:

  1. Go to Admin, then select Users and Access.
  2. In the submenu Security Settings, activate the option Block automatic password recovery.

From the same interface, admins can also activate two-factor authentification which makes an additional required step for users login. Also admins are able to activate passcodes which protects mobile app access.

For more details regarding the two-factor authentification, read this article.

If the features mentioned in this article are not yet enabled on your account, please contact Expensya's customer support to activate them.

How did we do?

Powered by HelpDocs (opens in a new tab)