Below are some frequently asked questions regarding FloQast's Password Requirements. If you have any additional questions, please reach out to your Accounting Success Manager or support@floqast.com.
Are users required to answer both security questions in order to reset their password? Are there any other steps required when resetting a password (i.e. an admin has to be actually reset it) or is it just self-service?
Yes, users are required to answer both Security Questions (case-sensitive) in order to use the self-service password reset method. There are no additional steps required from their Admins. Alternatively, an Admin or System Admin on the team can initiate a temporary password for them (instead of the user utilizing the self-service method).
Does FloQast prevent users from reusing previous passwords?
Passwords must not have been reused for at least 10 password changes.
How does FloQast handle incorrect password attempts?
The first lockout occurs after 10 failed login attempts and it lasts 5 minutes. After that expires, users can attempt again, but a single failed attempt will cause the second lockout, which is also 5 minutes. Subsequent lockouts get progressively longer: 10 minutes, 15 minutes, 25 minutes, 40 minutes, and 1 hour. It maxes out at 1 hour.
What are the complexity requirements for passwords?
Passwords must contain 1 number, 1 special character, 1 lowercase, and 1 uppercase letter.
What is the minimum password length?
Passwords must be at least 8 characters long.
How long do passwords last before they expire?
Passwords expire after 90 days.