When initially creating or resetting a user password, specific standards must be met in order to accommodate SOC II requirements.
Password Requirements
- Passwords must be at least 16 characters long.
- Passwords cannot be a long string of a single character such as “1111111111111111” or “aaaaaaaaaaaaaaaa”.
- Passwords cannot contain any part of the user’s name or email.
Resetting a Password
- Resetting the password inside the application requires the user to enter their current password to do so.
- Resetting PIN - requires 6 digits.
- Passwords must not match any of the previous 12 passwords set by the user.
- Passwords will expire after 365 days. Two weeks before expiration, users will receive a “Password expiring soon” popup after logging in. If the password is not updated, users will not be able to log into the system until they reset their password using the reset password link on the login page.
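
The rules above expressed as checks, as an added example that is not the application's own code. Assumptions: "any part of the user's name or email" is read as any alphanumeric fragment of 3 or more characters, password history is stored as salted PBKDF2 digests, and day 365 itself counts as expired; all function and constant names are hypothetical.

```python
import hashlib, hmac, re
from datetime import date

MIN_LENGTH, HISTORY_DEPTH = 16, 12      # values from the policy above
MAX_AGE_DAYS, WARN_DAYS = 365, 14       # expiry and the "two weeks" warning
MIN_TOKEN = 3          # assumption: shortest name/email fragment that counts
ITERATIONS = 100_000   # assumption: PBKDF2 work factor, tune for production

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest; history stores these, never plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def identity_tokens(name: str, email: str) -> set:
    """Lower-cased alphanumeric fragments of the user's name and email."""
    parts = re.split(r"[^a-z0-9]+", f"{name} {email}".lower())
    return {p for p in parts if len(p) >= MIN_TOKEN}

def violations(password, name, email, history):
    """Return the rules a candidate breaks; history is [(salt, digest)], oldest first."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("too_short")
    if len(set(password)) == 1:
        found.append("single_character")
    lowered = password.lower()
    if any(tok in lowered for tok in identity_tokens(name, email)):
        found.append("contains_identity")
    for salt, digest in history[-HISTORY_DEPTH:]:   # only the last 12 count
        if hmac.compare_digest(hash_password(password, salt), digest):
            found.append("reused")
            break
    return found

def is_valid_pin(pin: str) -> bool:
    return re.fullmatch(r"[0-9]{6}", pin) is not None

def expiry_state(last_changed: date, today: date) -> str:
    """'expired' blocks login; 'expiring_soon' triggers the popup."""
    age = (today - last_changed).days
    if age >= MAX_AGE_DAYS:        # assumption: day 365 itself counts as expired
        return "expired"
    if age >= MAX_AGE_DAYS - WARN_DAYS:
        return "expiring_soon"
    return "ok"

if __name__ == "__main__":
    salt = b"constructed-salt"   # constructed sample; use os.urandom(16) per entry
    history = [(salt, hash_password("Tr4vel-lantern-quilt-88", salt))]
    for pw in ("aaaaaaaaaaaaaaaa", "MyDoeRunsFast!2024x", "Tr4vel-lantern-quilt-88"):
        print(pw, violations(pw, "Jane Doe", "jane.doe@example.com", history))
```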