Password Rules
Overview
We modified our new password rules to follow National Institute of Standards and Technology (NIST) guidelines. NIST is a non-regulatory federal agency whose mission is to promote U.S. innovation and industrial competitiveness in ways that enhance security and improve quality of life.
Changes
- Removal of the routine expiration of passwords
  - Multiple studies have indicated that the common practice of requiring users to change their passwords on a set schedule is actually detrimental to password security. With this in mind, passwords used to access Bullhorn Time & Expense tools will no longer expire.
- Simplification of complexity requirements
  - There will no longer be any complexity requirements for a password. Like frequent password changes, such requirements have been shown to lead to worse passwords.
  - The only requirement is a length of 8 characters. However, a more complex password is highly encouraged, such as one that contains at least 1 of the following characteristics: uppercase character, lowercase character, special character, or number.
- Screening of passwords
  - To ensure the security of user accounts, we will validate user-created passwords against a database of commonly used or commonly breached passwords. If we find any issues, we will prompt the user to create a different password before saving anything.
- Lockout
  - A user will be locked out from the system for 1 hour after 20 invalid attempts. To best protect the security of all accounts, this 1-hour lockout cannot be bypassed.
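The rules above can be sketched in Python as follows. This is an added illustration, not Bullhorn's code: all names are hypothetical, the blocklist is a constructed sample, and it assumes that 8 is a minimum length, that screening ignores letter case, and that a successful sign-in resets the invalid-attempt count.

```python
import time

MIN_LENGTH = 8             # the only hard requirement (assumed to be a minimum)
MAX_FAILURES = 20          # invalid attempts before lockout
LOCKOUT_SECONDS = 60 * 60  # 1-hour lockout

# Constructed sample; a real deployment would load a large breached-password corpus.
BLOCKLIST = {"password", "12345678", "qwertyuiop", "letmein123"}


def check_new_password(candidate, blocklist=BLOCKLIST):
    """Return (accepted, reason). No composition rules are enforced."""
    if len(candidate) < MIN_LENGTH:
        return False, "too short"
    # Assumption: compare case-insensitively so "Password" is caught too.
    if candidate.casefold() in blocklist:
        return False, "commonly used or breached"
    return True, "ok"


class LockoutTracker:
    """Counts invalid attempts per user and enforces a fixed lockout."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._failures = {}      # user -> invalid attempts since last success
        self._locked_until = {}  # user -> timestamp when the lockout ends

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self._clock() >= until:
            # Lockout has run its full course: clear state.
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def record_attempt(self, user, success):
        """Return True only if the sign-in may proceed."""
        if self.is_locked(user):
            return False  # no bypass, even with the correct password
        if success:
            self._failures.pop(user, None)  # assumption: success resets the count
            return True
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= MAX_FAILURES:
            self._locked_until[user] = self._clock() + LOCKOUT_SECONDS
        return False
```
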