Password Policy
The password policy for Hubble was set to align with the TRUSTe recommendations (TFS 76079):
- TRUSTe recommends developing a policy and implementing a system that only provides access to customer data to employees that require access to provide the service.
- TRUSTe has minimum password requirements: at least 6 characters, no sequences or consecutive characters (e.g. 111111, 123456, qwerty, abcdef), and no common passwords (e.g. admin, password).
- TRUSTe recommends as a best practice requiring passwords to include a combination of alphanumeric characters.
Hubble Password Policy Options
| PASSWORD CRITERIA | TRUSTED CLOUD REQUIREMENT |
|---|---|
| 1. Passwords contain at least 6 characters. | Mandatory |
| 2. Passwords cannot solely contain sequences or repeated characters (e.g., 12345678, 222222, abcdefg) or adjacent key placement (qwerty). | Mandatory |
| 3. Passwords cannot be COMMON passwords: ‘password’, ‘password123’, ‘changeme’, ‘admin’, ‘administrator’, etc. | Mandatory |
| 4. If a password is created by a system, the user must be required to change it upon initial logon. | Mandatory |
| 5. Users must be required to change passwords periodically (minimum 2 times per year). | Optional |
| 6. Users are allowed to reset passwords through an automated system. | Web Users Only |
| 7. Passwords are not recognizably out of a dictionary (password cracking programs typically use words from a dictionary when trying to get a password). | Optional |
| 8. Block access to a user's account after a maximum of 10 tries, with a warning message before the final attempt. | Optional |
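
One way to check mandatory criteria 1 to 3 from the table, as an added example that is not Hubble's own code. It goes slightly beyond the listed samples by also rejecting passwords built entirely from several runs (such as abc123). Assumptions: the `MIN_RUN` threshold of 3, a US QWERTY layout, and a deny-list holding only the passwords the table names.

```python
"""Validator for criteria 1-3 of the password table (added example)."""

MIN_LENGTH = 6   # criterion 1
MIN_RUN = 3      # assumption: shortest stretch that counts as a sequence

# Criterion 3 deny-list: only the entries the policy names. A production
# list would be much longer (assumption).
COMMON_PASSWORDS = {"password", "password123", "changeme", "admin", "administrator"}

# Criterion 2 reference runs: digits (wrapping 9 -> 0), the alphabet, and the
# rows of a US QWERTY keyboard (assumed layout).
SEQUENCES = ("01234567890", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def _is_run(chunk):
    """True if chunk is one repeated character or a slice of a reference
    run, read forwards or backwards."""
    if len(set(chunk)) == 1:
        return True
    return any(chunk in seq or chunk in seq[::-1] for seq in SEQUENCES)


def is_solely_sequences(password):
    """True if the whole password splits into runs of MIN_RUN+ characters."""
    p = password.lower()
    # splittable[i]: the first i characters can be cut into valid runs.
    splittable = [True] + [False] * len(p)
    for end in range(MIN_RUN, len(p) + 1):
        splittable[end] = any(
            splittable[start] and _is_run(p[start:end])
            for start in range(end - MIN_RUN + 1))
    return bool(p) and splittable[len(p)]


def check_password(password):
    """Return the numbers of the mandatory criteria the password violates."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(1)
    if is_solely_sequences(password):
        violations.append(2)
    if password.lower() in COMMON_PASSWORDS:
        violations.append(3)
    return violations


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("12345678", "222222", "qwerty", "abc123", "admin", "Tr4il-Mix"):
        print(f"{candidate!r}: violates {check_password(candidate) or 'nothing'}")
```

An empty list from `check_password` means the candidate passes criteria 1 to 3; the remaining criteria concern account lifecycle and lockout and are enforced elsewhere.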