Password policy was implemented to protect sensitive users data.
Our password policy contains the following rules:
- minimum password lenght: 8 characters for users, 12 characters for admins
- password must contain at least one digit and one letter
- password can’t be longer than 20 characters
- password can’t contain first name, last name, ssn or username
- password can’t contain 3 the same characters in a row
- previous 4 passwords can’t be reused
- frequency of password change configurable
- administrative accounts are suspended if inactive for 90 days
- user account disabled after 5 unsuccessful attempts of login within 15 minutes, account reactivate after 30 minutes.