Password Policy
1. Purpose

The CQA Password Policy defines the standards for creating, managing, and securing user passwords. This policy is designed to mitigate the risk of unauthorized access, brute force attacks, and credential stuffing while maintaining a user-friendly experience that aligns with modern security standards (including NIST 800-63B guidelines).

2. Scope

This policy applies to all accounts accessing the CQA platform, including tenant administrators, supervisors, agents, and API system accounts.

3. Password Construction Requirements

All user-generated passwords must adhere to the following mandatory criteria.

3.1 Length Requirements

- Minimum length: 12 characters
- Maximum length: 128 characters
- Rationale: Longer passwords provide exponentially greater resistance against brute force and dictionary attacks. Allowing up to 128 characters easily accommodates passphrases.

3.2 Character Complexity

Passwords must contain characters from at least three (3) of the following four (4) categories:

- Uppercase alphabetical characters (A-Z)
- Lowercase alphabetical characters (a-z)
- Numeric characters (0-9)
- Special characters and symbols (e.g., ! @ # $ % ^ & ( ) = + [ ] { } ; , < > / ?)

3.3 Allowed Characters

The system supports all UTF-8 characters. Users are explicitly permitted to use spaces (allowing for multi-word passphrases) and all standard ASCII and non-ASCII symbols.

3.4 Contextual Restrictions

- Username/email match: Passwords are cross-checked against the user's account data. A password will be immediately rejected if it contains the user's username, first name, last name, or email address (evaluated as a case-insensitive substring match).

| Security Parameter | Requirement | Description / Rule |
|---|---|---|
| Minimum length | 12 characters | Passwords must be at least 12 characters long. |
| Maximum length | 128 characters | Passwords can be up to 128 characters to easily accommodate long passphrases. |
| Complexity requirements | 3 out of 4 categories | Passwords must contain characters from at least 3 of the following 4 categories: • Uppercase letters (A-Z) • Lowercase letters (a-z) • Numbers (0-9) • Special characters/symbols (e.g., !@#$%^&) |
| Allowed characters | All UTF-8 characters | All standard characters, symbols, and spaces are explicitly allowed and encouraged. |
| Contextual restrictions | No username/email | Passwords cannot contain the user's account username, first name, last name, or email address (case-insensitive). |
| Usability & tools | Paste functionality enabled | The system fully supports copy/pasting |
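
A validator for the rules in sections 3.1 to 3.4, as an added example that is not CQA's own code. The `Account` record, the function names and the sample values are hypothetical; counting length in Unicode code points and the way spaces and non-ASCII characters are treated in the category count are assumptions the policy text does not settle.

```python
import string
from dataclasses import dataclass

MIN_LEN, MAX_LEN = 12, 128           # section 3.1
ALNUM = string.ascii_letters + string.digits

@dataclass
class Account:                       # hypothetical account record
    username: str
    first_name: str
    last_name: str
    email: str

def categories(password: str) -> int:
    """Number of the four section 3.2 categories present in the password."""
    return sum([
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        # Assumption: any non-whitespace character outside A-Z, a-z, 0-9
        # (non-ASCII included) counts as a special character or symbol.
        any(c not in ALNUM and not c.isspace() for c in password),
    ])

def violations(password: str, account: Account) -> list[str]:
    """Return the rules the password breaks; an empty list means accepted."""
    problems = []
    length = len(password)           # assumption: counted in code points
    if length < MIN_LEN:
        problems.append("too_short")
    if length > MAX_LEN:
        problems.append("too_long")
    if categories(password) < 3:
        problems.append("complexity")
    folded = password.casefold()     # case-insensitive comparison (3.4)
    for field in ("username", "first_name", "last_name", "email"):
        value = getattr(account, field).strip().casefold()
        # Skip empty fields: "" is a substring of every password.
        if value and value in folded:
            problems.append(f"contains_{field}")
    return problems

if __name__ == "__main__":
    user = Account("jdoe", "Jane", "Doe", "jane.doe@example.com")  # constructed
    for pw in ("correct horse battery staple", "Correct horse battery 7",
               "Winter-JANE-2024x", "Short1!"):
        print(repr(pw), violations(pw, user))
```

Under these assumptions the all-lowercase passphrase in the first sample is rejected by the 3-of-4 rule despite its length, and a very short name field will reject any password that happens to contain it as a substring.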
