Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

In the table below, you can find a summary of the password policy applied in the XTRF Platform.

 

Topic

Description

GENERAL PASSWORD SECURITY POLICY

There are several admin-selectable security levels. The following specifications are applied to the strongest and recommended password security policy:

  1. Minimum password length: 8 characters minimum

    • Passwords must contain both alphabetic and non-alphabetic characters:

      1. Password must contain at least 1 lowercase letter.

      2. Password must contain at least 1 uppercase letter.

      3. Password must contain at least 1 number.

      4. Password must contain at least 1 special character.

    • Password must not contain username

DETAILS OF PASSWORD SECURITY CONFIGURATION

  • Passwords are stored by the application in an encrypted non-recoverable form.

  • Passwords are masked when entered.

  • Users are asked to provide their own passwords during a registration procedure. There are no temporary passwords while creating a user account.

  • A user is automatically logged out after inactivity. In XTRF Platform the session timeout is configurable.

  • By default, XTRF Platform is configured to lock users out after 10 invalid login attempts. A user account is automatically unlocked after 30 minutes.

  • Multiple user sessions are not allowed.

  • Passwords are sent only over a HTTPS encrypted connection when logging in.

  • To get a new password to XTRF Platform a password recovery procedure is required.

  • In XTRF Platform only one-time tokens allow to set a new password.

  • No labels