We are making improvements to make TimeTac even more secure. These changes will begin rollout to your account in late April.
Firstly, we are enforcing stronger minimum standards for passwords. We currently have settings within your Account Settingsthat allow you to define:
- the minimum length of a password
- the minimum number of lowercase letters
- the minimum number of uppercase letters
- the minimum number of numerals
- the minimum number of special characters
The minimum value of these settings will be increased as followed:
- the minimum length of a password – 8
- the minimum number of lowercase letters – 1
- the minimum number of uppercase letters – 1
- the minimum number of numerals – 1
- the minimum number of special characters – 1
You are welcome to increase the values of these settings to even further increase the security of your TimeTac account. If your settings are already higher than these values, they will not be changed. When setting a new password, users will be required to adhere to these settings. A new prompt will show your users if their password meets the minimum security standards.
Users entering their password incorrectly ten times will be logged out automatically. This discourages brute force attacks, where hackers attempt numerous combinations of usernames and passwords to gain access to your account.
When a user is logged out of their account, they will be informed via email. Additionally, we will notify all account administrators within TimeTac. To allow access, an administrator will need to navigate to User Management, and click on the status symbol next to User Status. You can also manage this on the right in Details and User Data.
Users are welcome to enforce a lower limit than 10 attempts to even further improve account security.
If you have any questions or feedback to this topic, please feel free to contact us via support@timetac.com.
