Several security measures have been implemented to ensure the safety of all user accounts. Except for Two-Factor Authentication, all are mandatory for all clients and thus are not changeable.
- Password policy: at least 8 characters long with at least 1 special character, 1 lower case letter, 1 upper case letter, and 1 numeric character.
- Single active session: user can only have one open login session. No simultaneous login on browsers is allowed.
- Session timeout: user will be automatically logged out after being inactive for 2 hours.
- Two-Factor Authentication(optional): all user accounts in the organisation are required to log in with a One-Time Password (OTP) which is sent to their registered email.