Account Security

Each person must have their own login. CCorp’s web applications will allow simultaneous use of a single login to run multiple sessions. Users must take all reasonable precautions to protect the security and integrity of the userid’s and passwords, and to prevent their unauthorized use.
Web Application passwords must be a minimum of six (6) and a maximum of sixteen (16) characters in length.
OTIS/ATOM passwords must be a minimum of six (6) and a maximum of eight (8) characters in length.
Passwords must contain a combination of alpha and at least two numeric characters.
Special characters are permitted, such as: !@#$%^&*(){}<>?:~
Dictionary words and proper names are not permitted as any part of a password.
Passwords must change substantively from previous passwords (i.e. btrc65 cannot be changed to btrc66.)
Passwords will not be repeated for thirteen (13) months and the computer access controls will be set to enforce this standard.
Users will be locked out of web-based applications after three (3) unsuccessful login attempts.
Users will be prompted to reauthenticate after eight hours.
Passwords can be reset anytime and should be changed every thirty five (35) days.