A secure system requires secure access. Password requirements are intended to minimize exposure to blind hacking attempts that try commonly used phrases or brute-force approaches to break into a system. They also force passwords to change periodically to ensure that former employees don't retain access to information.

If you find password security requirements annoying, know that you are in good company. We find them quite annoying, too. Still, they are not only good practice; they are required as part of the PCI DSS compliance to which every business using credit cards must submit.

All passwords must:

  • Be at least seven characters long.
  • Contain at least one number.
  • Contain at least one uppercase character.
  • Contain at least one lowercase character.

Whenever a user's password is changed, if it does not meet the password standards, the password will not be accepted.

When a user attempts to log in with a password that was set before the standards were in place and that password is not valid, they will be forced to change their password before being allowed to continue.

Blank passwords will not be allowed in Control or SMS. If a user attempts to log in with a blank password that was set before the standards were in place, the login will fail. An administrator will need to reset the user's password before that user will be allowed to log in.
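
The rules and the three outcomes described above (a rejected password change, a forced change at login, and a failed login for a blank password) are shown here as an added Python example. It is not code from Control or SMS; the function names, the `LoginResult` values and the `credentials_match` flag are assumptions made for illustration.

```python
from enum import Enum

MIN_LENGTH = 7  # minimum length from the policy list above


class LoginResult(Enum):  # hypothetical outcome names
    ALLOW = "allow"
    FORCE_CHANGE = "force password change"
    DENY_ADMIN_RESET = "deny; administrator must reset"
    DENY = "deny"


def policy_violations(password: str) -> list[str]:
    """Return the rules from the policy list that `password` fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase character")
    if not any(c.islower() for c in password):
        problems.append("no lowercase character")
    return problems


def accept_new_password(password: str) -> bool:
    """A changed password is accepted only if it meets every rule."""
    return not policy_violations(password)


def login_result(supplied: str, credentials_match: bool) -> LoginResult:
    """Decide a login attempt; `credentials_match` is the result of the
    normal password verification (assumed to happen elsewhere)."""
    if supplied == "":
        # Blank passwords never log in, even if one is still on record.
        return LoginResult.DENY_ADMIN_RESET
    if not credentials_match:
        return LoginResult.DENY
    if policy_violations(supplied):
        # Correct password that predates the standards: change it first.
        return LoginResult.FORCE_CHANGE
    return LoginResult.ALLOW
```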
