Policy Details

InTime

The password policy is set for the whole Agency

The password must be between 8 and 50 characters long and contain at least three of the following:

• Numbers

• Upper case letters

• Lower case letters

• Symbols

 Passwords cannot contain:

• Spaces

• Alphabetical sequences

• Numerical sequences of length 3

• Qwerty keyboard sequences

• Four repeated characters

• Accented letters, e.g. á é

• The following characters: £ ¬ € < >

Note:

• The number of days that a password is valid for is defaulted to 90days, after this period it must be changed.

• Accounts are locked after 5 failed attempts

InPay

The password policy is set for each customer and can be overridden based on role.  As part of the configuration you can specify

1. The minimum length of the password (default 8)
2. Whether it must include both a number and a special character (default yes)
3. The number of days that a password is valid for.  After this period it must be changed (default 90)

Note:

• Accounts are locked after 6 failed attempts.
• Non Self Service accounts are disabled if the user has not logged in for 70 days

Client Portal

• Minimum length 6
• Contain at least 1 number, 1 upper case character, 1 lower case character, 1 non alphanumeric character
• Expires after 91 days