password requirements, password reset
When you create a new account or when you receive an invitation to join an account, SRXP requests you to set a password.
SRXP has a strict password policy and we require that your password contains:
- at least 8 characters
- minimum one lowercase letter
- minimum one uppercase letter
- minimum one digit
A password cannot be created if this requirement is not respected.
SRXP does not enforce password change regularly (no expiration, no aging). But we strongly advice all of our users, to update their passwords on regular basis or to use SSO login.
It is important to know that if you forget your password, you need to follow the password recovery procedure, as the system does not register your password.
When you login for the first time to your SRXP account, it is import to confirm your email address. You receive this email automatically*.
It is important to confirm your email address, otherwise you cannot use the password recovery procedure.
*If you have few SRXP account, make sure that you fully log out of the SRXP portal before confirming your email address. Otherwise, it will automatically set the logged in email address as new email address for the new account.
If you did not confirm your email address during the account creation phase, you can always confirm it later. You can see that your email address was not confirmed as a red line appears on the top left of the screen on top of your company logo. (see below).
During the email address confirmation procedure, we will ask you to login to your SRXP account. It is therefore necessary that you remember your password.
If you did not remember your password, please contact the SRXP support and we can 'reset' your password. This means that a recover password email will be send to you.
In the recovering email, a link is generated to allow you to reset your password. This link has no expiration time.
and use your email address and the provided confirmation code to access the password recovery page.
Note: login with SSO implies that you are using a different methodology to recover your password
Password are stored hashed using Bcrypt (with a cost of 12) in a database.