As part of the continuous effort to ensure that Forsta Plus complies with the highest standards of security, the following password policy applies for end users (CAPI interviewers, report viewers, Analysts and Designers) and Professional Authoring or Survey Designer users (Professional/Translator).

General

System messages are provided (with translations to commonly used languages) for these settings. The appropriate error messages will be displayed when users choose passwords that do not comply with the site settings.

The Authoring, Reportal and Community Portal modules all have ‘Forgotten Password’ functionality. This allows end users to trigger an email so they receive an activation link that opens a page where they can reset their password.

All passwords are hashed and not transmitted in plain text. Consequently, passwords will not be available in plain text for any system users. Instead, users will be sent an activation link to open a page where they can choose their own password.

On-Demand users

The passwords for all areas of Forsta Plus must satisfy the same minimum requirements for complexity. Wherever passwords can be changed or set within the application, they will be validated against these rules before the change is accepted.

• Password history - the new password must be different from the last 12 passwords.
• Minimum age - the user will have to wait 24 hours after changing the password before being allowed to change it again.
• Maximum number of login attempts - after 5 invalid login attempts the account will be locked. The user will not be allowed to login again until the account is reactivated by the system administrator.
• Uppercase characters - the password must contain at least 1 uppercase letter.
• Non-alpha characters - the password must contain at least 1 character that is not a letter (a..z, A..Z).
• Password length - the password must contain at least 8 characters.
• Password expiry days - the password will expire after 60 days. (This will not apply for login to the CAPI app.)

It is possible to enforce even stricter requirements through certain company settings. Contact Forsta support if you wish to implement a stricter policy.

On-Premise users

The following configurable settings are enforced for all On-Premise users. If the Company Administrator selects to use the settings, users will have to comply with these settings when changing their password:

• Password history - the new password must be different from the last X passwords.
• Minimum age - the user will have to wait X hours after changing the password before being allowed to change it again.
• Maximum number of login attempts - after X invalid login attempts the account will be locked. The user will not be allowed to login again until the account is reactivated by the system administrator.
• Non-alpha-numeric characters - a required minimum number of characters that are not numbers (0..9) or letters (a..z, A..Z).
• Uppercase characters - a required minimum number of uppercase letters.
• Non-alpha characters - a required minimum number of characters that are not letters (a..z, A..Z).
• Password length - a required minimum number of characters in the password.
• Password expiry days - the password will expire after a number of days. Note that this will not apply for login to the CAPI app.
• Password strength - in addition to a combination of the above settings, a regular expression may be used to enforce an even stricter policy.

For Professional Authoring users, stricter requirements can be enforced through specific company settings.