Security is always top of mind at ProviderTrust. One of the most important ways to ensure the safety of your online accounts is to protect your passwords. Please follow your company's password storage preferences.
Passwords for ProviderTrust applications need to meet the following requirements:
- Must contain at least 10 characters
- Must contain at least one lowercase letter
- Must contain at least one uppercase letter
- Must contain at least one capital letter
- Must contain at least one number
- Must contain at least one special character (!@#$%^&*)
ProviderTrust has implemented the following measures to further ensure online account security:
- Account logout occurs after 30 minutes of inactivity
- Passwords expire every 90 days. Notification of upcoming expiration will occur 5 days prior to the expiration.
- The last 24 passwords cannot be reused
- Maximum number of failed password attempts is 10. Account is locked after 10 consecutive failed attempts. Once locked, the account cannot be accessed for 30 minutes
Other important notes:
- Users create and change their own passwords
- Users should avoid writing down passwords
- Users are encouraged to use different passwords for different accounts
- Passwords are encrypted and cannot be de-encrypted by ProviderTrust staff
- Passwords are not identifiable or stored in a format that ProviderTrust can use
- ProviderTrust systems timeout if not in active use every 5 minutes
- ProviderTrust staff cannot reset a password; users have access to reset on the application
Single Sign-On and Multi-factor Authentication:
ProviderTrust has implemented Auth0 as our software integrator to allow for single sign-on and the use of multi-factor authentication (MFA) for our clients that request access to SSO.