Skip to main content

Authentication Guide

This guide provides an overview of the authentication process for NopeSight v3, including logging in, password requirements, and two-factor authentication (2FA).

Login Process

The login process is designed to be secure and straightforward. All user accounts are required to use Two-Factor Authentication (2FA).

First-Time Login

If you are logging in for the first time or with an older password, you may be guided through one or both of the following mandatory security updates:

  1. Password Update: If your current password does not meet the new, stronger security requirements, you will be required to create a new password immediately after logging in.
  2. 2FA Setup: After your password is secure, you will be prompted to set up 2FA using an authenticator app (like Google Authenticator, Authy, or Microsoft Authenticator). Scan the QR code provided and enter the 6-digit code to complete the setup.

You will not be able to access the application until these security steps are completed.

Subsequent Logins

  1. Enter Credentials: On the login page, enter your email and password.
  2. Provide 2FA Code: After submitting your credentials, you will be prompted to enter the 6-digit code from your authenticator app.
  3. Access Application: Upon successful verification, you will be logged into NopeSight.

Password Requirements

To protect your account, all passwords must meet the following criteria:

  • Minimum Length: At least 12 characters.
  • Complexity: Must contain at least one of each of the following:
    • An uppercase letter (A-Z)
    • A lowercase letter (a-z)
    • A number (0-9)
    • A special character (e.g., !@#$%^&*)
  • Uniqueness: Cannot be a commonly used password (e.g., 'password123').
  • No Repetition: Cannot contain simple sequential or repeated characters (e.g., '12345' or 'aaaaa').

Account Security

NopeSight includes several features to protect your account:

  • Account Lockout: To prevent brute-force attacks, the system will temporarily lock an account after multiple failed login attempts. If you are locked out, please wait 15-60 minutes before trying again or contact your administrator.
  • Session Timeout: For your security, sessions automatically expire after 2 hours of inactivity. You will be required to log in again to continue.
  • Backup Codes: After setting up 2FA, you will be provided with a set of single-use backup codes. Store these in a safe place. They can be used to access your account if you lose access to your authenticator device.

Troubleshooting

  • Invalid Credentials: If you receive this error, double-check your email and password. Ensure your Caps Lock key is off.
  • Invalid 2FA Code: This error usually means the code has expired or the time on your device is out of sync with the server. Ensure your phone's clock is set to update automatically. If the issue persists, you can use one of your saved backup codes to log in.
  • Account Locked: If you are locked out due to too many failed attempts, you must wait for the lockout period to expire.

For persistent issues, please contact your system administrator for assistance.