Managing SDS Enterprise account login
To change the SDS Enterprise login management settings:
- Right-click on the SDS Enterprise icon
in the Windows system tray. - Select Properties.
- In the Configuration tab, double-click Connection.
Choose when to request password or secret code
In the Connection tab, Ask for secret code section, choose:
-
At connection time only: this option is recommended in most cases.
-
On each signature or decryption operation: to ensure greater security, you can request that the password or secret code be systematically required for each operation involving the user’s private key.
-
Every X minute(s): if you enable this option, the session will be kept open for the specified time. After this time, the password will be requested if the user performs an operation.
To prevent fraudulent use of the product, we recommend setting the SDS Enterprise account to be locked or automatically logged out when the user is inactive on their workstation. For more information, see the next sections.
Choose how often to change your password or secret code
This section applies to Password accounts only.
The more regularly you change your secret code (every X days), the less likely it is it will become detected by someone else. You will thus be better protected.
In the Connection tab, Change secret code section, select an option and use the arrows to indicate the time period:
- Request change every x day(s).
A window invites the user to change their password. This option ensures better password confidentiality. By changing it regularly, you limit the risk of it being known to a third party.
- Impose change every x day(s).
A window prompts the user to change their password.
- Inhibit change before x day(s).
This option stops users from changing their password before a certain period. This prevents users from changing their password once, then changing it again back to their original password. These successive changes would allow users to use the same passwords over and over again, resulting in reduced security.
Select the action to perform when removing the smart card
If the user uses a smart card or a USB token, you can configure the behavior of SDS Enterprise when the card is removed.
Select either:
- Lock: the SDS Enterprise session is automatically locked,
- Disconnect: the SDS Enterprise session is disconnected.
For information on locking and disconnecting from SDS Enterprise, see Locking or disconnecting from the SDS Enterprise account.
Select the action to perform when the Windows session enters sleep mode or is locked
On the Screen saver tab, you can choose the action performed by SDS Enterprise when the screen saver is enabled or when the Windows session is locked.
-
No action: the SDS Enterprise session remains active. This option is not recommended for security reasons.
-
Lock session: the lock is effective five seconds after the Windows session enters sleep mode or is locked.
- If you select the And unlock on waking up check box: the password or secret code will be requested when the system wakes up, i.e. as soon as the user moves the mouse or presses a key on the keyboard,
- If you do not check this box: the password or secret code will be requested at the first encryption operation after waking the system.
-
Disconnect: disconnection takes place five seconds after the Windows session enters sleep or is locked.
For information on locking and disconnecting from SDS Enterprise, see Locking or disconnecting from the SDS Enterprise account.
Using the Lock Session or Disconnect options may have unwanted effects if you are using the Stormshield Data Virtual Disk feature with data in use at the time of entering sleep or locking.