Account Security
In order to protect your account and the sensetive information it may contain, TMS
follows PCI best practices for protecting your account and your password. Read below
for more information
- Passwords must be complex
- Passwords will expire every 90 days
- You cannot use your recently used passwords
- You can only reset your password once a day
- Invalid attempts will lock your account for a short period of time
What is a complex password?
- The password must be at least 8 characters long
- The password must have an upper case letter
- The password must have a lower case letter
- The password must have a non-letter character such as a number or (!@#$%&)
- When entering a password, the password strength will show if one of the above criteria
is not met
Tips for creating a secure password:
- Include multiple special characters that are different (^$#*&).
- Mix capital and lowercase letters.
- Never use a password displayed online as an example, even if it meets the complex
password requirements
- Never base a password on personal or easily obtainable information (birth date,
first address).
- Never use full words found in a dictionary
- Never use simple keyboard patterns such as 12345678 or qwerty
- Never use repeating characters in a row (aa11).
Tips for keeping your password secure:
- Never use the same password for multiple accounts such as your email and online
bank accounts
- Never share accounts and passwords with anyone.
- Never write your password down in an easily accessable location.
- Never send your password by email.
- Use a password manager program to maintain all your passwords such as Keepass
What happens when my password expires?
When your password expires, you will be redirected to a page to change your password
before logging in. This includes all versions of TMS, you cannot login with an expired
password.
Why can I not use my recently used passwords or reset my password more than once
a day?
This is to ensure users keep changing their passwords to something different than
before. Using different passwords every time it expires decreases the chance someone
can guess your password.
What happens if my account is locked out?
When your account is locked, you cannot login to TMS anymore, even if you supply
the correct password. This limits the number of guesses a person can guess your
password. Once locked there are a few ways to unlock your account:
- Wait 30 minutes for your account to be unlocked
- Contact your ISO to unlock your account
- Use the "Forgot your password?" link on the login page to reset your password. This
requires access email address set on your user profile. With this, you can still
only change your password once a day. So if you change your password and get locked
out again, you must unlock your account using the other methods