new
improved
Version 1.0.0.667-668
Login Security
Asset Controller now supports optional email verification at login using a one-time code (OTP) sent to the user’s registered email address.
Where to configure:
Global Settings
→ Login Security
tabRequire email verification code at login (default: Off)
When enabled, users must enter a 6-digit code emailed to their profile email address after entering a valid username and password.
Require OTP every day (0 = every login) (default: 0)
How often OTP is required on the same computer. 0 = every login. Verification is remembered per user per machine.
Apply frequency to idle screen unlock (default: On)
When frequency is set (e.g. 7 days), controls whether idle unlock uses the same rule. If unchecked, idle unlock always requires OTP even when login would be skipped.
Code validity (minutes) (default: 10)
How long each code remains valid after it is sent.
Max code attempts (default: 5)
Wrong entries allowed per code before it is invalidated (user must request a new code).
Max codes per hour (default: 3)
Limits how many codes can be sent to a user per hour (reduces abuse).
Max failed logins (default: 5)
Failed username/password attempts before the account is temporarily locked.
Lockout duration (minutes) (default: 15)
How long the account stays locked after too many failed logins.