Password Policy for Users of FibreCRM
Password Complexity
a. Passwords must be at least eight characters long.
b. Passwords should include a combination of uppercase and lowercase letters, numbers, and special characters (e.g., !@#$%^&*).
c. Avoid using common words, personal information, or consecutive characters (e.g., 12345678).
Password Expiration
a. Users must change their passwords every 90 days.
b. Passwords cannot be reused within the last five password changes.
c. Users will receive automated reminders to change their passwords seven days before expiration.
Account Lockout
a. After five failed login attempts, the user account will be locked for a period of 30 minutes.
b. Users can request an account unlock by contacting the system administrator.
Password Storage
a. Passwords are stored using strong cryptographic algorithms and techniques.
b. Passwords are hashed and salted to ensure maximum security.
c. No one, including system administrators, has access to view or retrieve user passwords.
Password Reset
a. Users can initiate a password reset through the CRM software’s password recovery feature.
b. Password reset links are valid for 24 hours.
c. Users must provide additional verification information before resetting their passwords.
Two-factor Authentication (2FA)
a. Two-factor authentication is highly recommended for all external users.
b. Users can enable 2FA through their account settings.
c. Options for 2FA include SMS or email codes.
Remember that the above password policy serves as a general guideline. It’s crucial to adapt and customize it according to your specific security requirements, industry regulations, and best practices.
