Password policy

Password policy was implemented to protect sensitive users data.

Our password policy contains the following rules:

  • minimum password lenght: 8 characters for users, 12 characters for admins
  • password must contain at least one digit and one letter
  • password can’t be longer than 20 characters
  • password can’t contain first name, last name, ssn or username
  • password can’t contain 3 the same characters in a row
  • previous 4 passwords can’t be reused
  • frequency of password change configurable
  • administrative accounts are suspended if inactive for 90 days
  • user account disabled after 5 unsuccessful attempts of login within 15 minutes, account reactivate after 30 minutes.