User logins should never be shared:
each person should have their own login.
When User accounts are created, a temporary
password will be emailed to the User. They will
be required to change their password when they login
for the first time.
Password
Passwords must have at least one lower case letter,
one upper case letter, and one number.
Passwords must be at least 6 characters long.
If a User forgets their password, they can reset it from the
the web site's login page. They will be send a temporary
password in email. When they login next time, they will be
required to change their password.
Passwords expire after six months. Users will be
required to change their passwords when they expire.
Session
After a number of failed login attempts, the User's
account will be locked. The account can be unlocked
by a system administrator. It will also unlock automatically
after 15 minutes without additional failed login attempts.
User sessions will expire after one hour of inactivity.
When sessions expire, users will be required to
login again before they can continue working in the application.