We have put considerable effort into making our system secure. This includes how we manage passwords.

Passwords are one-way encrypted on our servers. This means that a password is never stored in clear text and that our IT personnel have no way of viewing your passwords. To prevent brute-force guessing of passwords, our system locks the user out for X minutes after Y invalid login attempts (the default is 5 minutes after 5 failed logins).

Recommended settings include:

  1. Require complex passwords (at least one capital letter, one number and one special character)
  2. Minimum password length of 8 characters
  3. Require users to enter a new password after login (for password resets)
  4. Temporary passwords expire after 3 hours
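
The lockout rule and the recommended settings above can be sketched as follows; this is an added example, not the product's own code, and the names `policy_violations`, `temp_password_expired` and `LockoutTracker` are hypothetical. It assumes failures are counted consecutively and reset on a successful login, and that "special character" means ASCII punctuation.

```python
import string
from datetime import timedelta

MIN_LENGTH = 8                           # recommended setting 2
TEMP_PASSWORD_TTL = timedelta(hours=3)   # recommended setting 4

def policy_violations(password):
    """Return the complexity/length rules the password fails (empty list = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if not any(c.isupper() for c in password):
        problems.append("capital")
    if not any(c.isdigit() for c in password):
        problems.append("number")
    if not any(c in string.punctuation for c in password):  # assumption: ASCII set
        problems.append("special")
    return problems

def temp_password_expired(issued_at, now):
    """A temporary password is unusable once it is 3 hours old."""
    return now - issued_at >= TEMP_PASSWORD_TTL

class LockoutTracker:
    """Lock a user out for X minutes after Y failed logins (defaults 5 and 5)."""
    def __init__(self, max_failures=5, lock_minutes=5):
        self.max_failures = max_failures
        self.lock_for = timedelta(minutes=lock_minutes)
        self.failures = {}       # user -> consecutive failed logins
        self.locked_until = {}   # user -> time at which the lock ends

    def is_locked(self, user, now):
        until = self.locked_until.get(user)
        if until is not None and now < until:
            return True
        self.locked_until.pop(user, None)   # lock expired or never set
        return False

    def record(self, user, success, now):
        """Record a login result; return True only if the login is accepted."""
        if self.is_locked(user, now):
            return False                    # rejected even with the right password
        if success:
            self.failures.pop(user, None)   # assumption: success resets the count
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lock_for
            self.failures.pop(user, None)
        return False
```

The caller passes `now` explicitly so the timing behaviour can be checked without waiting for real time to elapse.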

Other considerations:

  1. Customer administrator can set session timeout length
  2. Customer administrator can set password history requirements (e.g. password can't be reused for 12 months)
  3. Customer administrator can set password expiration period (e.g. password must be reset after 90 days)

