Security Policy

User Accounts

  • User logins are tied to email addresses.
  • User logins should never be shared: each person should have their own login.
  • When User accounts are created, a temporary password will be emailed to the User. They will be required to change their password when they log in for the first time.

Password

  • Passwords must have at least one lower case letter, one upper case letter, and one number.
  • Passwords must be at least 6 characters long.
  • If a User forgets their password, they can reset it from the web site's login page. They will be sent a temporary password by email. When they log in next time, they will be required to change their password.
  • Passwords expire after six months. Users will be required to change their passwords when they expire.

Session

  • After a number of failed login attempts, the User's account will be locked. The account can be unlocked by a system administrator. It will also unlock automatically after 15 minutes without additional failed login attempts.
  • User sessions will expire after one hour of inactivity.
  • When sessions expire, users will be required to log in again before they can continue working in the application.
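
One way the account lockout rule above could be enforced, shown as an added example that is not the application's own code. The threshold of 5 failures is an assumption (the policy only says "a number of failed login attempts"), as are the class and method names and the choice to treat any attempt rejected during a lockout as a failed attempt that restarts the 15 minutes.

```python
from dataclasses import dataclass

AUTO_UNLOCK_SECONDS = 15 * 60  # from the policy: unlock after 15 quiet minutes


@dataclass
class AccountState:
    failures: int = 0
    last_failure: float = 0.0
    locked: bool = False


class LockoutTracker:
    def __init__(self, max_failures=5):  # assumed threshold, not stated in the policy
        self.max_failures = max_failures
        self.accounts = {}

    def _state(self, email):
        # Logins are tied to email addresses; normalise case and whitespace.
        return self.accounts.setdefault(email.strip().lower(), AccountState())

    def is_locked(self, email, now):
        st = self._state(email)
        if st.locked and now - st.last_failure >= AUTO_UNLOCK_SECONDS:
            st.locked, st.failures = False, 0  # no failures for 15 minutes
        return st.locked

    def attempt(self, email, password_ok, now):
        """Record one login attempt at time `now` (seconds); True if accepted."""
        st = self._state(email)
        if self.is_locked(email, now):
            st.last_failure = now  # rejected attempt restarts the 15 minutes
            return False
        if password_ok:
            st.failures = 0
            return True
        st.failures += 1
        st.last_failure = now
        if st.failures >= self.max_failures:
            st.locked = True
        return False

    def admin_unlock(self, email):
        # Manual unlock by a system administrator.
        st = self._state(email)
        st.locked, st.failures = False, 0
```

Passing `now` in explicitly keeps the timing logic testable; a deployment would supply a monotonic clock and persist the state per account.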