Security is a constantly evolving requirement and the recent Equifax data breach is another example of why all solution providers must continue to improve their security practices and policies.
Ai has a strong commitment to review, improve and expand our security practices to meet both industry standards and client requirements. Just as no two client's systems are alike, no two client password policies and requirements are alike. Recently we expanded our core password security functionality to allow clients to request more granular password policies. Clients can now specify the following:
- Password Complexity - Defines the specific password minimum and maximum length along with the type of characters required. For example: one (1) character from each of the four (4) character categories (A-Z, a-z, 0-9, special characters) with a minimum length of eight (8) characters for regular user passwords, and a minimum length of fifteen (15) characters for privileged users.
- Password Minimum Lifetime Restriction - Defines the minimum amount of time after a password is altered before permitting it to be changed again.
- Password Maximum Lifetime Restriction - Defines the maximum amount of time a password can be used before requiring it to be changed.
- Password Generation Reuse Limit - Defines the number of prior passwords that cannot be reused. For example: Password reuse is prohibited for at least 6 generations.
In addition to all these new security options, Ai understands passwords are highly valued data coveted by hackers around the world. We follow industry best practices in regards to our password cryptography and use a one-way function that ‘hashes’ the password. Ai believes we can never be too careful with personal information and we will continue to monitor, expand and adjust to help prevent and protect against cyber attacks.