This article describes the password requirements and account security settings for the UltraDNS Managed Services Portal, including password complexity, expiration, session controls, and account policies.
Password Requirements
Passwords must meet the following length and complexity requirements.
The password must be between 8 and 32 characters in length.
Passwords must include at least three of the following elements.
- An uppercase letter
- A lowercase letter
- A numeral
- A non-alphabetic character such as !, $, #, or %
Spaces are not permitted in passwords.
Password History
The system does not store past passwords. Users can choose any password without restrictions based on previous passwords.
Password Expiration
Password expiration can be configured to require password changes after a specified number of days. The value must be an integer between 14 and 365 days.
This setting can be configured at both the account and user levels. User-level settings take precedence over account-level settings.
Account Lockout Policy
The lockout policy is an account-level setting that determines how long a user account can remain inactive before being marked as inactive.
Once an account is marked as inactive, the user cannot log in until an administrator reactivates the account.
A value of 0 means accounts never become inactive due to inactivity. Values between 60 and 365 days are permitted.
Session Timeout
The inactivity timeout setting determines how many minutes of inactivity will result in a user being logged out of the UltraDNS Managed Services Portal.
This value can be set between 5 and 120 minutes. The setting can be configured at both the account and user levels, with user-level settings taking precedence.
Concurrent Login
Users are permitted to log in to the portal from multiple browsers simultaneously, as well as through the API.
Security and Password Handling
Passwords are secured using Bcrypt hashing, which provides strong protection against brute-force attacks.
When a password expires, users are required to change it upon their next login. This ensures that password security is actively maintained.