Setting LEX Password Strength, forced reset & FIPS compliance (NON 365 users)

Setting LEX Password Strength, forced reset & FIPS compliance

The strength of passwords in LEX and the frequency at which users are required to change them, can be set by Opus 2 LEX in the system security setup; System Options > Security Options.

Password Strength Options: 

These options determine how complex users must make their LEX passwords and how frequently those passwords need to be changed. The options are: 

Password Attempt Options: 

These options set how many times the system will permit login attempts before temporarily locking the user out of the system, as well as the duration of the lock: 

Maximum Login Attempts Before Lockout: this option sets the number of consecutive failed login attempts allowed by each user before the system disables the account. 

NB: Only ‘System Administrators’ can enable a user account once it has been disabled from the user profile.

Maximum Login Attempts in Period & Login Attempts Period (mins): these two options combined, set the number of login attempts allowed within a specified time period, after which the system will temporarily disable login access. For example: 5 attempts with 3 minutes. This feature does not disable the user record entirely in its own right but it will contribute to the number of consecutive failed attempts, which may then exceed the limit set in accordance with the option above, which would fully disable the account.

Password Expiry Options:

These options determine whether or not LEX passwords expire after a designated time period: 

FIPS 140-2 Compliance Level 2: 

Federal Information Processing Standards (FIPS) are U.S. government computer security standards (of varying degrees) introduced to standardise, and provide good measure, of the security features required to protect data. They have been adopted by organisations across the globe. FIPS 140-2, for example, is the standard of security enforced by the administrators of Criminal Justice Secure Messaging (CJSM) service. 

LEX contains an option which automatically enables FIPS 140-2 level password compliance in LEX: 

 Selecting this option automatically sets FIPS 140-2 minimum compliant settings in the Password Strength Options, Password Attempt Options, and Password Expiry Options fields on the Security Options Settings page. 

NB: It is our recommendation that FIPS 140-2 compliance is enabled on your system.

User Password change in LEX

Users with access to their own User Profile screen and options, have the ability to change their own passwords at any point. To change passwords, users must navigate to their own User Profile page shown below. 

They must then select Change Password from the Options menu located at the top left of the User Profile screen: 

Users will then be prompted to change their password, and confirm the change:

NB: A password change confirmation email will be sent to the user at this time. This email does not contain detail of the new password itself. It is sent purely so users are notified when their password has changed.

User ‘Forgotten Password’ reset: Outside LEX

If a LEX user is unable to remember their password, they can use the forgotten password feature, accessible from the LEX login screen. Click to follow the on screen instructions to reset your password.

For more information  the following guidance walks through the process:

Expired Passwords: 

When the system is configured to automatically expire passwords after ‘x’ days, or where a chambers System Administrator suspects a security breach and has opted to expire all passwords immediately, users will get this message when logging in: 

With the security question functionality enabled, users will have to enter the answer before proceeding to changing their password.

NB: It is not currently possible for users of LEX iPhone or Android applications, to reset their passwords via those applications. All password / security question & memorable pin changes/resets, are only possible via the main LEX Chambers Management site.