Connect Admin - Password And Policy Information

CallTower Passwords and Login

Storage: 

·         Passwords are first salted and then securely encrypted prior to storage. 

·         Clear case passwords are not permitted in the database.

Password requirements

·         Password cannot contain selected user first name or last name

·         Password cannot contain three sequential characters

·         Password cannot contain three identical characters

·         Password cannot have any form of the words “passwords”, “welcome”, or “CallTower”

·         Must contain at least one special character

·         Must Be no less than 8 and no more than 15 characters

·         Must include at least one upper case letter

·         Must include at least one lower case letter

·         Must include at least one numeric digit.

Policies

·         User must change the initial auto-generated password after first login

·         User accounts are locked after three invalid logins to prevent brute force attacks.  There is unlock period that allows for additional attempts.  Admin intervention can unlock an account.

o   4^th attempt – 1 minute

o   5^th attempt – 10 minutes

o   6^th attempt – 20 minutes

o   7^th attempt – 1 hour

o   8^th attempt – 2 hours

o   9^th attempt – 1 day

o   10^th attempt – 1 year

·         User accounts will be locked if a successful login hasn’t occurred in a six-month period.

Sessions:

·         A user is logged out after two hours of inactivity