Administration > Security & logging

On this screen, you can choose how detailed logs memoQWeb should keep; how to handle when someone enters a wrong password too many times; and if users can reset their own passwords.

How to get here

  1. Sign in to memoQWeb as an administrator.
  2. On the left sidebar, click the Admin icon.
  3. On the Admin screen, click the Security & logging button. The Security & logging screen opens.
    mqw-nxt-sec-and-logging

What can you do?

Logging level defines how much information you will find in memoQWeb's logs. You can choose this in the Logging level section. There are five levels:

  • Off: No events are logged.
  • Error: Only error events are logged
  • Warning: Error and warning events are logged
  • Info: Error, warning, and information events are logged.
  • Verbose: memoQWeb logs all operations.

To save your changes to this section: Click the Save button at the bottom of the section.

In most cases, use the Warning level: It does not use a lot of disk space, but shows all events that report or predict problems.

Do not use the Error or the Off setting, unless your server has very little disk space.

Use the Info or the Verbose setting only if you are trying to pinpoint a tricky problem. These two levels take up a lot of disk space.

The log files are stored on the Web server that runs memoQWeb, in the C:\ProgramData\memoQWeb\Log folder (on all systems).

Account lockout happens when a user tries to log in with a wrong password too many times. Because this may be because they forgot their password, they can also request a password reset - if that is enabled on the server.

Set this up in the Account lockout section:

mqw-nxt-sec-lockout

To turn on account lockout: Under User account can be locked out, choose the Enabled option. You can set more options:

  • Lockout threshold: By default, memoQWeb locks a user account after three failed sign-in attempts. You can change this to a higher number.
  • Lockout duration: Normally. lockout time is 5 minutes. 0 means forever: in this case, an administrator must unlock the account manually. When someone tries to get into the account by trying a lot of passwords in a row, this delay will slow down the attack.
  • Reset lockout after: After a user had a number of tries, and some time passes, memoQWeb will start counting the number of tries from zero again. You choose this time here. Normally, it is 5 minutes.

    When account lockout is enabled, memoQ server checks if the password is valid. If it is, the lockout counter becomes 0, and the user is allowed in. If the password is incorrect, memoQ server adds 1 to the lockout counter. If the counter reaches the maximum allowed (Lockout threshold), the account is disabled for the time of Lockout duration. After this duration expires, the account is enabled again, and the lockout counter becomes 0 again. If Lockout duration is set to 0, the account must be manually enabled by an administrator.

    Administrators cannot be locked out: The lockout never affects members of the Administrators group. Their accounts are never locked.

To save your changes to this section: Click the Save button at the bottom of the section.

You can allow users to reset their own passwords. Do this in the Password reset section:

mqw-nxt-sec-pw-reset

Users can request password reset: When this option is Enabled, a Forgot password? link appears on memoQWeb's sign-in page. When a user clicks it, memoQWeb sends them an email to the address in their user profile. When they click the password reset link in the email, memoQWeb's password reset page opens. They can enter their new password there.

When this option is Disabled, the Forgot password? link is not visible on the sign-in page.

If your account is disabled, you cannot request a password reset.

To save your changes to this section: Click the Save button at the bottom of the section.