ClientTether Password Policy

July 18, 2024

Overview

To ensure the security of our system and protect user data, ClientTether has implemented a comprehensive password policy. This policy outlines the requirements and procedures for creating and managing user passwords.

Password Policy Requirements

  1. First Login Password Reset
    • New accounts and users must reset their password upon their first login.
  2. Automatic Logout
    • Users will be automatically logged out after 30 minutes of inactivity to enhance security.
  3. Password Expiration
    • Passwords must be reset every 180 days or less. This is enforced as an enterprise setting.
  4. Strong Password Requirements
    • Passwords must meet the following criteria to be considered strong:
      • Contain at least one uppercase and one lowercase letter.
      • Include at least one number.
      • Include at least one special character (e.g., !, @, #, $).
      • Be at least 8 characters long.
  5. Password Reuse
    • Users cannot reuse the same password for at least 5 password cycles.
  6. Login Attempts and CAPTCHA Verification
    • After 5 failed login attempts, users will be required to complete a CAPTCHA verification on their next login attempt.

Implementation

New User Password Setup

When a new user account is created, the user will receive a temporary password. Upon their first login, they will be prompted to change this temporary password to one that meets the above strong password requirements.

Automatic Logout Procedure

The system will monitor user activity. If no activity is detected for 30 minutes, the user will be automatically logged out. Users will need to log in again to continue using the system.

Password Expiration and Reset

Users will receive notifications 15 days before their password is set to expire. They must reset their password by the expiration date. If the password is not reset, users will be prompted to reset it upon their next login attempt.

Managing Login Attempts

The system tracks login attempts. After 5 consecutive failed login attempts, the user will be required to complete a CAPTCHA verification to ensure they are not a bot. This measure helps to prevent unauthorized access.

Best Practices

  • Users are encouraged to use unique passwords for different accounts.
  • Avoid using easily guessable information, such as birthdates or common words.
  • Regularly update passwords and avoid sharing them with others.

By adhering to these guidelines, users can help maintain the security and integrity of ClientTether’s systems.

For any questions or assistance with password-related issues, please contact our support team.