Versions Compared

Old Version 5

changes.mady.by.user Damian Rozmiarkowski

Saved on

compared with

New Version Current

changes.mady.by.user Damian Rozmiarkowski

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In the table below, you can find a summary of the password policy applied in the XTRF Platform.

Topic

Description

GENERAL PASSWORD SECURITY POLICY

There are several admin-selectable security levels. The following specifications are applied to the strongest and recommended password security policy:

  1. Minimum password length: 8 characters minimum

    • Passwords must contain both alphabetic and non-alphabetic characters:

      1. Password must contain at least 1 lowercase letter.

      2. Password must contain at least 1 uppercase letter.

      3. Password must contain at least 1 number.

      4. Password must contain at least 1 special character.

    • Password must not contain username

DETAILS OF PASSWORD SECURITY CONFIGURATION

  • Passwords are stored by the application in an encrypted non-recoverable form.

  • Passwords are masked when entered.

  • Users are asked to provide their own passwords during a registration procedure. There are no temporary passwords while creating a user account.

  • A user is automatically logged out after inactivity. In XTRF Platform the session timeout is configurable.

  • By default, XTRF Platform is configured to lock users out after 10 invalid login attempts. A user account is automatically unlocked after 30 minutes.

  • Multiple user sessions are not allowed.

  • Passwords are sent only over a HTTPS encrypted connection when logging in.

  • To get a new password to XTRF Platform a password recovery procedure is required.

  • In XTRF Platform only one-time tokens allow to set a new password.

Table of Contents
minLevel1
maxLevel6
outlinefalse
styledefault
typelist
printabletrue