CallTower Passwords and Login
· Passwords are first salted and then securely encrypted prior to storage.
· Clear text passwords are not permitted in the database.
· Password cannot contain the selected user's first name or last name
· Password cannot contain three sequential characters
· Password cannot contain three identical characters
· Password cannot have any form of the words “passwords”, “welcome”, or “CallTower”
· Must contain at least one special character
· Must be no fewer than 8 and no more than 15 characters
· Must include at least one upper case letter
· Must include at least one lower case letter
· Must include at least one numeric digit.
· User must change the initial auto-generated password after first login
· User accounts are locked after three invalid logins to prevent brute force attacks. There is an unlock period that allows for additional attempts. Admin intervention can unlock an account.
o 4th attempt – 1 minute
o 5th attempt – 10 minutes
o 6th attempt – 20 minutes
o 7th attempt – 1 hour
o 8th attempt – 2 hours
o 9th attempt – 1 day
o 10th attempt – 1 year
· User accounts will be locked if a successful login hasn’t occurred in a six-month period.
· A user is logged out after two hours of inactivity
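
The composition rules and unlock schedule above, written as a checker; this is an added example, not CallTower's own code. It assumes "three sequential characters" means three adjacent letters or digits stepping up or down by one, "three identical characters" means three in a row, banned words are matched as case-insensitive substrings (using the stem "password"), a special character is anything other than A-Z, a-z and 0-9, and "1 year" is 365 days.

```python
import re
from datetime import timedelta

# Assumption: banned words are matched as case-insensitive substrings.
BANNED_WORDS = ("password", "welcome", "calltower")

# Wait before the Nth login attempt, from the schedule above
# (assumption: "1 year" is taken as 365 days).
UNLOCK_DELAY = {
    4: timedelta(minutes=1), 5: timedelta(minutes=10), 6: timedelta(minutes=20),
    7: timedelta(hours=1), 8: timedelta(hours=2), 9: timedelta(days=1),
    10: timedelta(days=365),
}

def has_step_run(s, step):
    """True if three adjacent characters of s each differ by `step` code points.
    step 0 = identical; +1/-1 = sequential (letters and digits only)."""
    return any(
        (step == 0 or s[i:i + 3].isalnum())
        and ord(s[i + 1]) - ord(s[i]) == step
        and ord(s[i + 2]) - ord(s[i + 1]) == step
        for i in range(len(s) - 2)
    )

def policy_violations(pw, first_name, last_name):
    """Return the rules that pw breaks; an empty list means it is acceptable."""
    low = pw.lower()
    names = [n.lower() for n in (first_name, last_name) if n]
    checks = [
        (8 <= len(pw) <= 15, "length 8-15"),
        (re.search(r"[A-Z]", pw), "upper case letter"),
        (re.search(r"[a-z]", pw), "lower case letter"),
        (re.search(r"[0-9]", pw), "numeric digit"),
        (re.search(r"[^A-Za-z0-9]", pw), "special character"),
        (not any(n in low for n in names), "no first or last name"),
        (not any(w in low for w in BANNED_WORDS), "no banned word"),
        (not has_step_run(low, 0), "no three identical characters"),
        (not (has_step_run(low, 1) or has_step_run(low, -1)),
         "no three sequential characters"),
    ]
    return [rule for ok, rule in checks if not ok]

def unlock_delay(failed_logins):
    """Wait imposed before the next attempt after this many invalid logins."""
    attempt = failed_logins + 1
    if attempt < 4:
        return timedelta(0)
    # Assumption: attempts past the 10th keep the 1-year delay.
    return UNLOCK_DELAY[min(attempt, 10)]
```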