Account Security
In order to protect your account and the sensetive information it may contain, TMS follows PCI best practices for protecting your account and your password. Read below for more information

• Passwords must be complex
• Passwords will expire every 90 days
• You cannot use your recently used passwords
• You can only reset your password once a day
• Invalid attempts will lock your account for a short period of time

What is a complex password?

• The password must be at least 8 characters long
• The password must have an upper case letter
• The password must have a lower case letter
• The password must have a non-letter character such as a number or (!@#$%&)
• When entering a password, the password strength will show if one of the above criteria is not met

Tips for creating a secure password:

• Include multiple special characters that are different (^$#*&).
• Mix capital and lowercase letters.
• Never use a password displayed online as an example, even if it meets the complex password requirements
• Never base a password on personal or easily obtainable information (birth date, first address).
• Never use full words found in a dictionary
• Never use simple keyboard patterns such as 12345678 or qwerty
• Never use repeating characters in a row (aa11).

Tips for keeping your password secure:

• Never use the same password for multiple accounts such as your email and online bank accounts
• Never share accounts and passwords with anyone.
• Never write your password down in an easily accessable location.
• Never send your password by email.
• Use a password manager program to maintain all your passwords such as Keepass

What happens when my password expires?

When your password expires, you will be redirected to a page to change your password before logging in. This includes all versions of TMS, you cannot login with an expired password.

Why can I not use my recently used passwords or reset my password more than once a day?

This is to ensure users keep changing their passwords to something different than before. Using different passwords every time it expires decreases the chance someone can guess your password.

What happens if my account is locked out?

When your account is locked, you cannot login to TMS anymore, even if you supply the correct password. This limits the number of guesses a person can guess your password. Once locked there are a few ways to unlock your account:

• Wait 30 minutes for your account to be unlocked
• Contact your ISO to unlock your account
• Use the "Forgot your password?" link on the login page to reset your password. This requires access email address set on your user profile. With this, you can still only change your password once a day. So if you change your password and get locked out again, you must unlock your account using the other methods