Password security settings

In the table below, you can find a summary of the password policy applied in the XTRF Platform.

Topic

Description

GENERAL PASSWORD SECURITY POLICY

There are several admin-selectable security levels. The following specifications apply to the strongest level, which is the recommended password security policy:

  • Minimum password length: 8 characters

  • Passwords must contain both alphabetic and non-alphabetic characters:

      1. Password must contain at least 1 lowercase letter.

      2. Password must contain at least 1 uppercase letter.

      3. Password must contain at least 1 number.

      4. Password must contain at least 1 special character.

  • Password must not contain the username.

DETAILS OF PASSWORD SECURITY CONFIGURATION
  • Passwords are stored by the application in an encrypted, non-recoverable form.

  • Passwords are masked when entered.

  • Users are asked to provide their own passwords during a registration procedure. There are no temporary passwords while creating a user account.

  • A user is automatically logged out after inactivity. In XTRF Platform, the session timeout is configurable.

  • By default, XTRF Platform is configured to lock users out after 10 invalid login attempts. A user account is automatically unlocked after 30 minutes.

  • Multiple user sessions are not allowed.

  • Passwords are sent only over an HTTPS encrypted connection when logging in.

  • To get a new password for XTRF Platform, a password recovery procedure is required.

  • In XTRF Platform, a new password can be set only with a one-time token.
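
As an added example (not XTRF code), the strongest policy level in the table above can be expressed as an offline pre-check, for instance to validate passwords in a provisioning script before they are submitted. It assumes that a "special character" is any character that is neither alphanumeric nor whitespace and that the username comparison ignores case; policy_violations is a hypothetical helper name.

```python
"""Offline pre-check against the strongest password policy level listed above.

Added illustration, not XTRF code. Assumptions: a "special character" is any
character that is neither a letter, a digit nor whitespace, and the username
comparison ignores case. The platform's own validator may differ.
"""

MIN_LENGTH = 8  # minimum length from the policy table


def policy_violations(username: str, password: str) -> list[str]:
    """Return every rule the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Assumed definition of "special": not alphanumeric and not whitespace.
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("no special character")
    # Guard the empty username: "" is a substring of every string.
    name = username.strip().casefold()
    if name and name in password.casefold():
        problems.append("contains the username")
    return problems


if __name__ == "__main__":
    # Constructed sample accounts and passwords, for demonstration only.
    samples = [
        ("jkowalski", "Translate#2024"),
        ("jkowalski", "JKowalski!99"),
        ("anna", "password"),
        ("", "Sh0rt!"),
    ]
    for user, pw in samples:
        result = policy_violations(user, pw)
        print(f"{user!r:12} {pw!r:18} -> {'OK' if not result else '; '.join(result)}")
```

The function reports all violations at once rather than stopping at the first, so a user or script can correct a rejected password in one pass.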