Password Security



Based on PCI standards, Four51's password policy in regard to users logging into the application is as follows:

Buyer Users
A site can be set up with one of three distinct password security levels. When a buyer user's password is changed, the previous four passwords may not be reused. Regardless of the security level selected, a buyer site may be configured to require users to reset their passwords every 90 days.
Password levels are defined as:

  1. Low: No restrictions on passwords.

  2. Medium: A minimum of six characters required.

  3. High: Minimum of eight alphanumeric characters.

    1. Any two of the following three types of characters:

      1. Alphabetic (a-z, A-Z)

      2. Numeric (0-9)

      3. Punctuation and other characters (!@#$%^&*()_+~`-={}|:"<>?[]\;',./)

    2. After six login attempts, the user will be locked out for 30 minutes.

NOTE: PCI Standards require that buyer companies that use credit card processing are set up with the High level of security.

Administrative Users
Administrative users are required to have strong passwords. An administrative password will expire every 90 days and the previous four passwords may not be used when updating. Administrative users are set to the High level of security with the following definition:

  1. High: Minimum of eight alphanumeric characters.

    1. Any two of the following three types of characters:

      1. Alphabetic (a-z, A-Z)

      2. Numeric (0-9)

      3. Punctuation and other characters (!@#$%^&*()_+~`-={}|:"<>?[]\;',./)

    2. After six login attempts, the user will be locked out for 30 minutes.
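The rules above for buyer and administrative users, sketched as an added example; this is not Four51's code, and all function and class names are hypothetical. It assumes High means at least eight characters drawn from two of the three listed classes, that "six login attempts" means six consecutive failed attempts, and that password history is kept as salted PBKDF2 records (the policy does not describe storage).

```python
import hashlib, hmac, os, string

PUNCT = set("!@#$%^&*()_+~`-={}|:\"<>?[]\\;',./")  # third class, as listed in the policy
HISTORY_DEPTH = 4           # previous four passwords may not be reused
MAX_ATTEMPTS = 6            # lockout threshold from the policy
LOCKOUT_SECONDS = 30 * 60   # 30-minute lockout
PBKDF2_ROUNDS = 600_000     # assumed work factor, not stated by the policy

def meets_level(password, level):
    """Check a candidate against the Low / Medium / High definitions."""
    if level == "low":
        return True
    if level == "medium":
        return len(password) >= 6
    # "high", and any unrecognised level, gets the strictest rule (fail safe)
    classes = [
        any(c in string.ascii_letters for c in password),
        any(c in string.digits for c in password),
        any(c in PUNCT for c in password),
    ]
    return len(password) >= 8 and sum(classes) >= 2

def hash_password(password, salt=None):
    """Return (salt, digest) so history is never stored in cleartext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def reuses_history(password, history):
    """True if the candidate matches any of the last four stored records."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history[-HISTORY_DEPTH:]
    )

class Lockout:
    """Counts consecutive failures; locks for 30 minutes at the sixth."""
    def __init__(self):
        self.failures, self.locked_until = 0, 0.0

    def is_locked(self, now):
        return now < self.locked_until

    def record(self, success, now):
        if self.is_locked(now):
            return  # attempts during a lockout neither count nor extend it
        self.failures = 0 if success else self.failures + 1
        if self.failures >= MAX_ATTEMPTS:
            self.failures, self.locked_until = 0, now + LOCKOUT_SECONDS
```

`now` is passed in as seconds (for example from `time.time()`), which keeps the lockout logic testable without waiting 30 minutes.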
 
