All users that have access to the Activ8 website’s private area must adhere to the password policies defined below in order to protect the security of the website, data integrity and confidentiality of personal data.
It is a user’s responsibility to prevent that their user ID and password is used to gain unauthorized access to the systems by following this password policy statement:
- Ensure that any PC left unattended is locked or logged out.
- Leave nothing on display that may contain access information such as login names and passwords.
- Inform the company of any changes to their role and access requirements.
- Change password after the first access via the settings on your personal dashboard.
- Change password at least on a 6 months basis.
- Don’t use the same password for at least 3 password-change iterations.
- Never write passwords down.
- Never include a password in a non-encrypted stored document.
- Never tell anyone your password.
- Never hint at the format of your password.
- Never reveal or hint at your password on a form on the internet.
- Report any suspicion of your password being broken to the company security team.
- Don’t use common acronyms as part of your password.
- Don’t use common words or reverse spelling of words in part of your password.
- Don’t use names of people or places as part of your password.
- Don’t use part of your login name in your password.
- Don’t use parts of numbers easily remembered such as phone numbers or street addresses.
- Be careful about letting someone see you type your password.
- User access rights are locked if there are more than 5 unsuccessful login attempts. This locked account can be enabled by receiving a new authorization token on the user account registered email.
Passwords must contain:
- Minimum password length – at least 8 characters;
- Minimum complexity – at least one upper case AND one lower case character;
- Minimum complexity – at least one special character (e.g. !,@,&);