Password policy

Password policy was implemented to protect sensitive users data.

Our password policy contains the following rules:

• minimum password length: 8 characters for users, 12 characters for admins
• password must be created from 3 out of 4 of these characters: lowercase letters, uppercase letters, numbers and symbols
• password can’t be longer than 20 characters
• password can’t contain first name, last name, ssn or username
• password can’t contain 3 the same characters in a row
• previous 4 passwords can’t be reused
• frequency of password change configurable
• administrative accounts are suspended if inactive for 90 days
• user account disabled after 5 unsuccessful attempts of login within 15 minutes, account reactivate after 30 minutes.