The username/password system is designed to maintain a high level of security.
Password Strength
Passwords must be at least eight characters long and contain at least one digit, one upper case letter and one lower case letter.
Change Schedule
The system will prompt all users to change passwords every 90 days. A particular password cannot be re-used within a 12-month period.
Disable for Inactivity
Any user login is automatically disabled after 45 days of inactivity. No data is lost, but the user must enter a request through the help desk to have a system administrator enable the account again.
Lockout for Repeated Login Attempts
A user account is disabled after five consecutive attempts to login with an incorrect password. Contact the help desk to have the account enabled.
Password Encryption
All passwords are encrypted using SHA-2 (256 bit). They are not stored in readable form and system administrators cannot recover lost passwords (they can, however, change an existing user's password without knowing the lost password).