1. Feature Overview
Administrator users can configure LeadSquared login settings for their users. To access these settings, navigate to My Profile>Settings>Security>Login Settings.
For information on other security-related settings, see –
- LeadSquared Security Settings – Authentication Provider
- LeadSquared Security Settings – Session Management
2. Enable Password Encryption
To enable this setting, click the slider 
. When enabled, passwords will be encrypted and sent from the browser to the server. Users will not be able to ‘Remember Password’ and the password won’t be stored anywhere in the browser cache.
3. Enable Dynamic Token for Mobile App
To enable this setting, click the slider . You can add more security to your Leadsquared account on the mobile app by enabling a dynamic authentication token. When you enable this feature, you won’t be able to simultaneously log in to your account on different mobile devices. If you log in from a second device, you’ll be logged out of your account on the first device.
4. Enforce Password Reset
To enable this setting, click the slider . If an admin has changed a user’s password, this setting will require the user to reset the new password upon their next login.
5. Enable Trust Device
To enable this setting, click the slider . Users can log into their LeadSquared account without verifying themselves through Two-Factor Authentication (2FA) each time. Click on Configure to set the default expiration period for a trusted device.
To learn more, read Authentication – Trusted Device.
6. Force Logout All Users
You may want to force logout users from your account for a number of possible reasons –
- LeadSquared may have added new features/enhancements or you may have opted for additional features or a change of plan. Sometimes, this requires users to log back in.
- If you suspect that your account has been compromised, you can force log-out all users as the first safety precaution.
- Some users prefer not to log out (and/or check out) of their accounts which may pose security risks.
Alongside the Force Logout All Users setting, click 
.
7. Force Reset Password For All Users
To ensure all your users change (reset) their passwords, alongside Force Reset Password For All Users, click Reset. This will automatically log out all your users from their LeadSquared accounts. When they try logging in, they’ll be required to set new passwords for their accounts.
8. Set Password Policy For Users
You can customise and set requirements (e.g., minimum password length allowed, minimum special characters allowed, etc.) for the passwords your users create. To do this, click Configure, and enter the following details –
- Minimum password length characters – The minimum character limit for the password. This setting is mandatory. The minimum limit you can set is 6 characters.
- Minimum upper case letter(s) from Latin alphabet (A-Z) – The minimum number of upper case letters that can be included in the password. You can allow up to 15 upper case letters in a password.
- Minimum lower case letter(s) from Latin alphabet (a-z) – The minimum number of lower case letters that can be included in the password. You can allow up to 15 lower case letters in a password.
- Minimum number(s) – The minimum number of numbers (0-9) that can be included in the password. You can allow up to 15 numbers in a password.
- Minimum non-alphanumeric character(s) – The minimum number of special characters (e.g., !@#$%, etc.) that can be included in the password. You can allow up to 15 special characters in a password.
- Maximum repeating characters – The minimum number of repeating characters (e.g., the letter ‘s’ ‘passssword’) that can be included in the password. You can allow between 2-15 repeating characters.
- Maximum sequential numbers – The maximum number of sequential numbers (e.g. the numbers 1,2,3 or 7,8,9) that can be included in the password. You can allow between 2-15 sequential numbers.
- Remember last password(s) to prevent password reuse – The number of last passwords (in sequential order) that cannot be set as the new password. For example, if your last four passwords were Purple, Orange, Maroon and Yellow (Purple being the newest), and if you set the value to 2, you cannot set Purple or Orange as the new password, but you can set Maroon or Yellow. You can restrict up to 10 previous passwords from being set as the new password.
- Password expires in day(s) – The number of days for which the current password will be valid. Once the password expires, your users will be required to set a new password. The minimum number of days you can set is 1.
Once you’re done, click Save.
Note:
- We recommend you Force Reset Password For All Users when you set your new password policy. This ensures all users comply with the new password policy requirements.
- When a user enters an incorrect password, LeadSquared tracks the number of failed login attempts. After three consecutive invalid attempts, the user receives an email notifying them that login attempts were made from a specific IP address. From the fourth attempt onward, a CAPTCHA is displayed, and no further emails are sent regarding failed login attempts.
Any Questions?
Did you find this article helpful? Please let us know any feedback you may have in the comments section below. We’d love to hear from you and help you out!
