Password Policy

Password Requirements

All passwords are case-sensitive and must contain:

  • At least 8 characters total.
  • At least one uppercase alphabetic character (A-Z), such as "A", "B", "C", or "D".
  • At least one lowercase alphabetic character (a-z), such as "a", "b", "c", or "d".
  • At least one number (0-9), such as "1", "2", "3", or "4".
  • At least one punctuation character, such as ".", "!", "?", or a space.

Passwords must also:

  • Not contain your username.
  • Not reuse any of your last 10 passwords.
  • Be changed at least once every 90 days.

Note: If you enter an incorrect password three times during a login attempt, you will be locked out until your supervisor unlocks your account.

General Password Policies

  • Administration of user passwords and certain password policies are the responsibility of site administrators at FinThrive's client sites.
  • Application passwords expire after 30 days by default, and a new password must be chosen. Site administrators should have a good justification for increasing the password expiration period.  
  • Application passwords are disabled after 5 failed login attempts by default. This is a security feature that prevents unauthorized users from guessing passwords. Site administrators should have a good justification for increasing the number of failed attempts.
  • Only local site administrators should reset user passwords.  FinThrive representatives will not reset user passwords, except in certain emergency situations, such as a site with only one administrator, and the request is to reset that administrator’s password.  
  • Client organizations are responsible for ensuring that users (including administrators and supervisors) are aware of the responsibilities for securing their passwords by following these password security guidelines:
    • If you have trouble logging in and know your password is correct, contact your system administrator to have your password count reset.
    • Do not reveal your password to anyone under any circumstances, for any reason.  
    • Never give your password to someone over the telephone, even a FinThrive employee.  
    • Never give your password over the Internet.  Never give your password to another site on the Internet.
    • Never write down your password in an unsecured location or store it on your computer.  
    • Do not ask FinThrive to reset your password.

 

Related Topics Link IconRelated Topics