Skip to main content
CallTower Solutions Center

Connect Admin - Password And Policy Information

CallTower Passwords and Login

 

Storage: 

·         Passwords are first salted and then securely encrypted prior to storage. 

·         Clear case passwords are not permitted in the database.

 

Password requirements

·         Password cannot contain selected user first name or last name

·         Password cannot contain three sequential characters

·         Password cannot contain three identical characters

·         Password cannot have any form of the words “passwords”, “welcome”, or “CallTower”

·         Must contain at least one special character

·         Must Be no less than 8 and no more than 15 characters

·         Must include at least one upper case letter

·         Must include at least one lower case letter

·         Must include at least one numeric digit.

 

Policies

·         User must change the initial auto-generated password after first login

·         User accounts are locked after three invalid logins to prevent brute force attacks.  There is unlock period that allows for additional attempts.  Admin intervention can unlock an account.

o   4th attempt – 1 minute

o   5th attempt – 10 minutes

o   6th attempt – 20 minutes

o   7th attempt – 1 hour

o   8th attempt – 2 hours

o   9th attempt – 1 day

o   10th attempt – 1 year

·         User accounts will be locked if a successful login hasn’t occurred in a six-month period.

 

Sessions:

·         A user is logged out after two hours of inactivity

  • Was this article helpful?