INTRODUCTION
This article explains how to configure password policies and multi-factor authentication (MFA) for your organization in Dualog Identity. These settings help you enforce security standards across your fleet.
PASSWORD POLICY
Password policies are configured per organization and apply to all users. Settings sync to vessels, ensuring consistent security requirements whether users are authenticating in the cloud or onboard.
Accessing Password Policy Settings
- Log in to https://apps.dualog.com
- Navigate to Ship Staff
- Click the Settings tab
- Scroll to the Password policy settings section
Password Requirements
You can configure the following password requirements:
Minimum Password Length
Set the minimum number of characters a password must contain.
- Minimum allowed: 8 characters
- Recommended: 12 or more characters for better security
Complexity Requirements
Optionally require passwords to include specific character types:
| Requirement | Description |
|---|---|
| Uppercase character | Must contain at least one uppercase letter (A-Z) |
| Numeric character | Must contain at least one number (0-9) |
| Special character | Must contain at least one special character ($, #, %, etc.) |
Applying Changes
When you update password policy settings:
- New passwords must meet the updated requirements immediately
- Existing passwords remain valid until the user changes them
- Settings sync to vessels within minutes
MULTI-FACTOR AUTHENTICATION (MFA)
MFA adds an additional layer of security by requiring users to verify their identity using a second factor beyond their password.
Current availability: MFA is available for cloud authentication only. Support for ship-side MFA (TOTP) is planned for a future release.
MFA Methods
Users can authenticate using:
| Method | Description |
|---|---|
| SMS | Receive a verification code via text message |
| WhatsApp | Receive a verification code via WhatsApp message |
| Authenticator App (TOTP) | Generate codes using an app like Google Authenticator, Microsoft Authenticator, or similar |
Configuring MFA Settings
- Log in to https://apps.dualog.com
- Navigate to Ship Staff
- Click the Settings tab
- Scroll to the Authentication settings section
Organization-Wide MFA Setting
Require multi-factor authentication by default
When enabled:
- All users must use MFA to access cloud applications
- New users will be prompted to set up MFA on first login
- This setting overrides individual user settings
When disabled:
- MFA is optional
- Individual users can choose to enable MFA on their account
Self-Service Password Reset Options
Configure how users can reset their own passwords:
Self-service password reset via SMS
- When enabled: Users can request a verification code via SMS to reset their password
Self-service password reset via personal email
- When enabled: Users can request a verification code via their personal email to reset their password
- Requirement: User must have a personal email address registered to their account
- Personal emails can be added via CSV import, SCIM API, or crew management system integration
Note: Personal email addresses cannot be added manually in the user interface.
Allow email address reminders
- When enabled: Users can enter their phone number to receive their Dualog email address via SMS
- Useful when users forget which email address they used to register
USER MFA SETUP
When MFA is enabled (either org-wide or individually), users set up their preferred MFA method:
First-Time Setup
- User logs in with their password
- System prompts them to set up MFA
- User chooses their preferred method (SMS, WhatsApp, or authenticator app)
- User completes verification to confirm setup
Managing MFA as a User
Users can manage their MFA settings at https://crew.dualog.com:
- View current MFA methods
- Change MFA method
- Set up multiple methods for backup (users can configure both phone-based and authenticator app methods)
See Your Dualog Account for detailed end-user instructions.
DEFAULT PASSWORD BEHAVIOR
When a new user account is created:
Without a specified password:
- The default password is the same as the user's email address
- User is forced to change their password on first login
- If MFA is enabled, user is prompted to set up MFA after changing password
With a specified password:
- The provided password must meet the password policy requirements
- User is still forced to change their password on first login
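A local pre-check for specified passwords against the settings listed under Password Requirements, run before accounts are created. This is an added example, not Dualog code: the class and field names are hypothetical, "special character" is assumed to mean ASCII punctuation, and the comparison with the email address is an extra check rather than a documented rule.

```python
import string
from dataclasses import dataclass

MIN_ALLOWED_LENGTH = 8  # lowest minimum length the page says can be configured

@dataclass(frozen=True)
class PasswordPolicy:
    """Local model of the settings above; field names are hypothetical."""
    min_length: int = 12  # the page's recommended value
    require_uppercase: bool = False
    require_numeric: bool = False
    require_special: bool = False

    def __post_init__(self):
        if self.min_length < MIN_ALLOWED_LENGTH:
            raise ValueError(f"min_length must be >= {MIN_ALLOWED_LENGTH}")

def check_password(password, policy, email=""):
    """Return the failed requirements; an empty list means the password passes."""
    failures = []
    if len(password) < policy.min_length:
        failures.append(f"shorter than {policy.min_length} characters")
    if policy.require_uppercase and not any(c in string.ascii_uppercase for c in password):
        failures.append("no uppercase letter (A-Z)")
    if policy.require_numeric and not any(c in string.digits for c in password):
        failures.append("no number (0-9)")
    # Assumption: "special" means ASCII punctuation; the page lists "$, #, %, etc."
    if policy.require_special and not any(c in string.punctuation for c in password):
        failures.append("no special character")
    # Extra local check (not a documented product rule): reject the default password value.
    if email and password.casefold() == email.casefold():
        failures.append("same as the user's email address")
    return failures

def audit(rows, policy):
    """Map email -> failures for (email, password) rows; passing rows are omitted."""
    checked = ((email, check_password(pw, policy, email)) for email, pw in rows)
    return {email: failures for email, failures in checked if failures}

# Constructed sample rows (not real accounts).
SAMPLE_ROWS = [
    ("a.hansen@example.com", "a.hansen@example.com"),
    ("b.olsen@example.com", "Harbour#Light42"),
    ("c.berg@example.com", "shortpw1"),
]
STRICT = PasswordPolicy(12, require_uppercase=True, require_numeric=True, require_special=True)

if __name__ == "__main__":
    for email, failures in audit(SAMPLE_ROWS, STRICT).items():
        print(email, "->", "; ".join(failures))
```

The report lists only the failed requirements per account and never echoes the password itself.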
Activation Links (Alternative)
For a smoother onboarding experience, you can use activation links instead of default passwords. See Activation Links for details.
PASSWORD SYNC TO SHIPS
Password policy settings sync from the cloud to vessels:
- Changes propagate within minutes when vessels are connected
- The ship-side identity server enforces the same password requirements
- Password changes made in the cloud sync to ships (during transit, before hashing)
SECURITY RECOMMENDATIONS
Password Policy
- Use a minimum length of 12 characters
MFA
- Enable organization-wide MFA for maximum security
- Encourage use of authenticator apps over SMS when possible
- Ensure users have phone numbers or personal emails registered for self-service recovery
General
- Regularly review user accounts and remove inactive users
- Monitor the User Activity logs for suspicious authentication patterns
- Use activation links for new user onboarding instead of default passwords
TROUBLESHOOTING
Users cannot meet password requirements
- Review your password policy - requirements may be too strict
- Ensure users understand the requirements (uppercase, numbers, special characters)
MFA codes not arriving via SMS
- Verify the user's phone number is correct
- Check if the phone can receive SMS (some ship satellite phones may not support SMS)
- Try using WhatsApp or an authenticator app instead
Self-service reset not available
- Verify self-service options are enabled in your settings
- Ensure the user has a phone number or personal email on their account