You would like to know the Password Policy for Administrator Accounts in Jive. This article intends to provide information on the Jive's password policy - as well as related security measures - for Admin Accounts.
Password complexity / strength
Jive's password policy states that passwords must be a minimum of eight characters long and must have a minimum of three of the following five categories.
- At least one upper case character.
- At least one lower case character.
- At least one number.
- At least one special character.
- Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase.
- Previous ten passwords cannot be used unless a limitation exists in the system that requires a setting of less than 10. In such cases, the maximum number allowed by the system must be used.
Passwords must be changed at least once every 90 days for both IT-managed and hosted systems.
Accounts are locked out for a minimum of 15 minutes after at most ten incorrect login attempts, with the lockout counter resetting after at least 15 minutes.
- To prevent a Jive admin from being able to log on to any instance and change password(s), access to change the password is highly restricted, much as it is within in an instance. Within Jive, changes to the admin passwords are audited and flagged by the SIEM (Security Information and Event Management) processes. Out-of-cycle changes are quickly identified and flagged for incident investigation.
- Access to the JCA console requires that employees first connect via the Aurea / Jive VPN tunnel. VPN permissions are terminated as part of the off-boarding process, which is validated and audited by our SOC 2 and ISO 27001 auditors. Termination of VPN permissions prevents ex-employees from being able to conduct an unauthorized activity.
If further concerns still remain, customers may request specific customization with a Professional Services (PS) engagement.