Context: This article details the password and MFA strength criteria, as well as key details around expiry and invalid attempts.
Password Criteria
To protect your account, we enforce a number of minimum password requirements. Whilst you are creating an account or resetting your password, the Portal will present validation messages if your password is non-compliant. Please see below to understand the criteria, restrictions, and rules for expiration and invalid password attempts.
Complexity
| # | Your password must |
|---|---|
| 1 | Have a minimum of 13 characters |
| | And must contain |
| 2 | At least one lowercase character (a-z) |
| 3 | At least one uppercase character (A-Z) |
| 4 | At least one number (0-9) |
| 5 | And at least one special character |
Restrictions
| # | Restrictions |
|---|---|
| 1 | A strict uniqueness check is performed against known compromised passwords to ensure that your password is secure. |
| 2 | You cannot reuse the last 12 passwords used for the Portal |
Expiration & Invalid Attempts
| # | Expiry |
|---|---|
| 1 | Passwords expire after 180 days |
| | Invalid Attempts |
| 2 | Your account will be locked for 1 hour after 5 consecutive failed password attempts |
MFA TOTP Requirements
We have strengthened our requirements for TOTP codes, which may impact the Authenticator app that you currently use. We recommend and directly support Google Authenticator. However, if you wish to use another application, please see the list of compatible authenticator apps below.
Compatible Authenticator Apps
Important: Our official support boundary is limited exclusively to Google Authenticator. This standardisation ensures our team can efficiently troubleshoot authentication issues and maintain consistent security baselines.
If you wish to use another authenticator application, the apps listed below are currently understood to comply with our TOTP requirements.
| # | Compatible Authenticator Apps |
|---|---|
| 1 | 1Password TOTP |
| 2 | Studo Authenticator |
| 3 | 2FAS (Version 3.6.2 and onwards) |