We have put considerable effort into making our system secure. This includes how we manage passwords.

Passwords are one way encrypted on our servers. This means that a password is never stored in clear text and that our IT personnel have no way of looking at your passwords. To prevent brute force hacking of passwords, our system locks the user out for X minutes after Y invalid login attempts (default is 5 minutes after 5 failed logins).

Recommended settings include:

  1. Require complex passwords (at least one capital letter, one number and one special character)
  2. Minimum password length of 8 characters
  3. Require users to temporary password on after login (so an SMS or emailed password becomes obselete)
  4. Temporary passwords expire after 30 minutes
  5. Use of SMS for password delivery1 (temporary passwords are not delivered via email)

1Not available in all countries

Return to main Information Security page.

Revision 1.0.2 - last updated December 12, 2019