In the table below, you can find a summary of the password policy applied in the XTRF Platform.
No.
Topic
Description
GENERAL PASSWORD SECURITY POLICY
There are several admin-selectable security levels. The following specifications are applied to the strongest and recommended password security policy:
Minimum password length: 8 characters minimum
Passwords must contain both alphabetic and non-alphabetic characters:
Password must contain at least 1 lowercase letter.
Password must contain at least 1 uppercase letter.
Password must contain at least 1 number.
Password must contain at least 1 special character.
Password must not contain username
DETAILS OF PASSWORD SECURITY CONFIGURATION
Passwords are stored by the application in an encrypted non-recoverable form.
Passwords are masked when entered.
Users are asked to provide their own passwords during a registration procedure. There are no temporary passwords while creating a user account.
A user is automatically logged out after inactivity. In XTRF Platform the session timeout is configurable.
By default, XTRF Platform is configured to lock users out after 10 invalid login attempts. A user account is automatically unlocked after 30 minutes.
Multiple user sessions are not allowed.
Passwords are sent only over a HTTPS encrypted connection when logging in.
To get a new password to XTRF Platform a password recovery procedure is required.
In XTRF Platform only one-time tokens allow to set a new password.