Password  Security

Reusing Previous Passwords

When creating a password, you cannot reuse the last three passwords. This is a requirement in Alio VP.

Password Protected Options

You are required to enter a password when:

• Defining/updating security questions and/or answers

• Updating application settings

• Updating user account settings

Password Naming Convention

A Password must be at least eight characters in length. It must include upper and lower case letters with at least one lower case letter, one or more numbers (1, 2, 3, etc.) and at least one of these special characters (!@#$%^&*?~ ).

Your organization may have additional password naming requirements.

Invalid Login Attempts

The Alio Vendor Portal system administrator may define the number of invalid login attempts allowed. When this threshold is reached, the account is locked. The Alio Vendor Portal administrator can set a time frame to determine how long the account will remain locked or choose to have the account remain locked until the Alio Vendor Portal administrator manually unlocks it. If your account becomes locked, check with your Alio Vendor Portal administrator to find out how your organization’s lockout policies are defined.

If an incorrect password is entered during the log in process, an error message displays indicating the number of attempts left until the account is locked.

After the account is locked, the user will either have to wait a specified amount of time before attempting to log in again or wait for the Alio Vendor Portal administrator to manually unlock their account.

Password Expiration

Your Alio ESP administrator may implement a password expiration requirement based on your organization's password security policy. When the Password Expiration utility is implemented, and:

• The VP administrator user logs in to Alio VP with a unique Alio VP administrator user name and password (user created), the message ""Your password has expired. Please use the forgot your password link in order to reset your password." displays. The user may click the Forgot Your Password link on the Alio VP Log in page to reset the password.

• LDAP is implemented, and a VP administrator user with permission to bypass LDAP authentication logs in to Alio VP with a unique Alio VP administrator user name and password, the message "Your password has expired. An e-mail has been sent to you in order to reset your password." The user will receive a Reset Your Password e-mail notification that contains a Reset Your Password link.  

The Password Expiration utility is disabled for VP administrator users that log in using their network user name and password (i.e., LDAP is implemented).