Effective September 30, 2023, HealthStream is enacting new password management standards that will be enforced for security of all users. These standards include:
1) Passwords cannot contain the user ID
2) Password reminders cannot contain the password
3) Minimum requirements for password complexity and management
Minimum Requirements:
At a minimum, passwords should always:
1) Be at least eight characters in length
2) Include a combination of uppercase and lowercase letters
3) Contain at least one number
4) Contain at least one symbol (!@#%)
Password management:
1) Password expiratation: 90 days
2) History: Three, your password must be different from the last three passwords
3) Lockout attempts: Five failed attempts
4) Lockout duration: Five minutes
There is no immediate effect on any existing users that do not comply with these standards; however, the next time those users or an admin edit(s) their credentials, login, or password, these rules will be enforced.