Friday Feature - Password Rules
I just moved and that required me to change my mailing address in about 50 million places, all of which required me to enter my user name and password. Some of my passwords were awful, unsecure, easy-to-guess, created back in the day when I didn't worry about online security. I changed all of those bad passwords using a new pattern that every web site deemed "strong."
When working with sensitive information, you should always have a strong password, and that is why Escape Online has the ability to define password complexity rules.
Each COE (and district*) can create their own complexity policies, including length of password, number of lowercase letters, number of uppercase letters, number of numerics, inclusion of special characters, time limits (for password changes), warnings (days until the password expires), and repeat limits (not able to change a password to a previous password).
If you implement password rules, Escape Online automatically lets the user know what the rules are.
This dialog is what displays when a user has to change their password.
As the user complies with each rule, the dialog changes so the user knows what is still required. Nice!
The password rules can also include how often the password needs to be changed (like every 90 days). If you set this up, the user will be required to change their password before they can proceed to any activity in Escape Online. If that is too harsh for you -- making users change their password without warning -- you can set up warnings. Seriously!
But wait, there's more.
You can also set up how many times a password can be repeated. So, if my password is DOG1 and my last password was CAT2, I cannot change DOG1 to CAT2 or even FISH3 which was the password before that.
With so much mission-critical and sensitive information held in Escape Online, it is comforting that you can control the strength of the passwords used to access it.
NOTE: To implement a password policy, please contact Escape Customer Care.
* If you choose to implement separate policies for districts, all users with access to more than one organization will follow the requirements for the county and all users with access to a single organization will follow the policy for that organization (or default to the county policy if no such organizational policy exists).