We have put considerable effort into making our system secure. This includes how we manage passwords.

Passwords are one way encrypted on our servers. This means that a password is never stored in clear text and that our IT personnel have no way of looking at your passwords. To prevent brute force hacking of passwords, our system locks the user out for X minutes after Y invalid login attempts (default is 5 minutes after 5 failed logins).

Recommended settings include:

  1. Require complex passwords (at least one capital letter, one number and one special character)
  2. Minimum password length of 8 characters
  3. Require users to enter new password on after login (for password resets)
  4. Temporary passwords expire after 3 hours

Return to main Information Security page.