In this article
Penelope Authentication refers to the use of Penelope’s built-in User Name and Password functionality and password algorithm. The most basic Penelope authentication setup includes a User Name and Password for each account, however, you can enhance the security of the authentication process by using 2-Step Login with Trusted Devices and Security Questions options.
If you’ve enabled 2-Step Login with Trusted Devices and Security Questions, you can optionally enable User Managed Password Reset which allows Workers to reset their own passwords without the need for a System Administrator’s or Superuser’s assistance.
Both 2-Step Login and User Managed Password Reset options require External Communications. Prior to configuring these options, ensure you’ve enabled and configured Authentication Email and, optionally, SMS.
Penelope Authentication Options
In this section
Best Practice (Passwords)
Each Worker has a unique User Name and confidential Password that they use to log in to Penelope. The User Name is automatically generated when the Worker’s account is created and you can view their User Name from their Worker Profile > Login Credentials. You can modify the User Name and Password from here if necessary.
Password requirements in Penelope reflect enhanced security considerations — passwords must meet minimum security requirements based on mathematical difficulty to crack.
We recommend that passwords include a combination of lower and uppercase letters, numbers, and symbols. Further, you should combine the characters in such a way to create a lengthy password. Ideally, have a minimum length of 12 characters.
Workers use the User Name and Password set in their Login Credentials to log in to Penelope.
In addition to a user name and password, each Worker also has a unique Login ID that is system generated and not modifiable. When a Worker creates or modifies a record in Penelope, the Login ID is included in a timestamp (date and time) indicating the record was added or modified.
The Login ID is static and is automatically generated in Penelope and is based on a combination of the first letter of the Worker’s first name and, in some cases, a shortened version of the last name at the time the account was created. If a Worker’s name changes in Penelope, the Worker ID does not change to ensure consistency for auditing purposes.
The 2-Step Login method enables you to set up additional identity checks that Workers must fulfill to access Penelope. This means that Workers will have to occasionally provide a verification code sent to a Trusted Device or answer a Security Question along with a correct User Name and Password to log in.
A Trusted Device is an email address or phone number associated with a Worker’s account where verification codes can be sent. 2-Step Logins make use of your Trusted Devices by sending a verification code to the device.
Security Questions are a method of verifying the Worker’s identity where the Worker responds to questions that only they should know the answers to. As a System Administrator, you set up a list of possible Security Questions that Workers can configure answers for.
Each time a Worker logs in to Penelope through a new browser (or if they have cleared their cache/cookies), they must respond to a Security Question or type in a verification code that has been sent to a Trusted Device. You can additionally require that, after a specified number of logins, a Worker must provide their 2-Step Login credentials.
User Managed Password Reset
If Trusted Devices and Security Questions are enabled, you can make use of User Managed Password Reset. The User Managed Password Reset feature allows a Worker to reset their own password.
When a Worker selects Reset account password, a verification code is sent to a Trusted Device. To reset their password, the user must enter the verification code and input the correct response to their Security Question.
About Configuring Penelope Authentication
While Penelope Authentication is enabled by default, there are several configuration steps you can take to customize the feature for your agency. Additionally, you can optionally enable 2-Step Login, Security Questions, and User Managed Password Reset.
Step 1: Verify External Communications configuration
To enable the 2-Step Login feature using trusted devices, you must configure your External Communication settings. If you have already configured your External Communication settings for use with email or SMS notifications for clients and staff members, you can use the same settings or set up a secondary email account for Authentication messages specifically. You may want to consider using a second email address for Authentication if you want to enable other Workers (i.e. those not responsible for managing External Communications) to view and respond to Authentication emails.
For more information, see the Authentication Email and, optionally, SMS topics.
Step 2: Customize general Penelope Authentication options
General Penelope Authentication options include global settings such as how often passwords must be changed, how often Workers need to confirm their Trusted Devices, whether a System Administrator or Superuser needs to confirm Trusted Devices, etc.
Step 3: Enable and configure 2-Step Login
If you want to enhance the Penelope Authentication process, you can enable and configure 2-Step Login. 2-Step Login means that users will have to occasionally provide a verification code sent to a Trusted Device or answer a Security Question along with a correct User Name and Password to log in.
Step 4: Create Security Questions
To allow Workers to confirm their identify using Security Questions, you can create a list of Security Question options. You can then update your 2-Step Login settings to allow for Security Questions.
Step 5: Enable User Managed Password Reset
If you have configured both 2-Step Login and Security Questions, you can enable the User Managed Password Reset feature if you want to allow Workers to reset their own passwords at the Penelope login page.
About Verification Code Messages
If you’ve enabled 2-Step Login and/or the User Managed Password Reset option, an email or SMS message is sent externally from Penelope to a Worker’s Trusted Device (email address or phone number). Examples of the messages a Worker could receive are below:
Example of a verification code sent via email
Example of a verification code sent via SMS