Password Policy
Password Requirements
All passwords are case-sensitive and must contain:
- At least 8 characters total.
- At least one uppercase alphabetic character (A-Z), such as "A", "B", "C", or "D".
- At least one lowercase alphabetic character (a-z), such as "a", "b", "c", or "d".
- At least one number (0-9), such as "1", "2", "3", or "4".
- At least one punctuation character, such as ".", "!", "?", or a space.
Passwords must also:
- Not contain your username.
- Not reuse any of your last 10 passwords.
- Be changed at least once every 90 days.
Note: If you enter an incorrect password three times during a login attempt, you will be locked out until your supervisor unlocks your account.
General Password Policies
- Administration of user passwords and certain password policies are the responsibility of site administrators at FinThrive's client sites.
- Application passwords expire after 30 days by default, and a new password must be chosen. Site administrators should have a good justification for increasing the password expiration period.
- Application passwords are disabled after 5 failed login attempts by default. This is a security feature that prevents unauthorized users from guessing passwords. Site administrators should have a good justification for increasing the number of failed attempts.
- Only local site administrators should reset user passwords. FinThrive representatives will not reset user passwords, except in certain emergency situations, such as a site with only one administrator, and the request is to reset that administrator’s password.
- Client
organizations are responsible for ensuring that users (including administrators
and supervisors) are aware of the responsibilities for securing their
passwords by following these password security guidelines:
- If you have trouble logging in and know your password is correct, contact your system administrator to have your password count reset.
- Do not reveal your password to anyone under any circumstances, for any reason.
- Never give your password to someone over the telephone, even a FinThrive employee.
- Never give your password over the Internet. Never give your password to another site on the Internet.
- Never write down your password in an unsecured location or store it on your computer.
- Do not ask FinThrive to reset your password.