This article outlines our password and lock-out policy, explaining how our systems handle automatic logoffs, invoice locks, password validity and history, and the minimum password duration.
Overview
Password
The password policy is:
- Min. 8 carakers
- Min. 1 uppercase letter
- Min. 1 lowercase letter
- Min. 1 character
Automatic Logoff (Auto logoff)
Our systems are configured to automatically log users off after 60 minutes of inactivity. This helps to ensure the security of our application. If there is a need for a different duration, we can adjust this according to user requirements.
Invoice Lock
An automatic lock is applied to invoices that are being edited by a user. If a user is inactive on an invoice for 10 minutes, the invoice is automatically returned to the invoice overview, making it available for other users to edit. This prevents invoices from being unnecessarily locked for extended periods.
Password Validity
Our application offers flexibility in the validity period of passwords. Users can choose from the following options:
- No mandatory change
- Once per year
- Once per quarter
Currently, we do not enforce a mandatory password change interval, meaning passwords remain valid indefinitely unless specified otherwise by the user.
Minimum Password Duration
There is no minimum password duration set in our application. This means users can change their password and, if desired, immediately revert it to the previous one. While this provides flexibility, we recommend regularly using strong passwords for optimal security.
Password History
Our application does not track the history of previously used passwords. Once changed, an old password cannot be restored. This means users cannot reuse recent passwords, enhancing the security of our systems.
Conclusion
Our password and lock-out policy is designed to ensure both the security and user-friendliness of our application. While we can make some adjustments to the automatic logoff time, there are limited possibilities to modify other aspects of the password policy. We encourage users to follow the existing guidelines and choose strong passwords for optimal security. If you have any questions, please feel free to contact us.