Authentication tokens must be used if your information is sensitive.
In all cases, the use of authentication tokens is highly recommended, especially if you don’t entirely trust your users to choose strong passwords.
A strong password:
- is at least 8 characters long
- includes upper and lower case letters, numbers, and punctuation
- does not include any information that other people know about you, for example, your wife’s name, your date of birth, school or place of birth
- does not contain any word you might find in a dictionary, unless some of the letters have been replaced by punctuation or numbers
- there are no repeated character sequences.
The Haplo password recovery system will send a password recovery email to the email address that you use to log in. This email allows you to set a new password. This means that the security of your Haplo system is equivalent to the security of your email system, unless you are using authentication tokens as an additional security measure.
You must not check the remember me box on any computer that you do not fully trust, especially not a public computer.
If your security needs are especially stringent, you can disable the “remember me” feature.
On the same screen, you can invalidate all stored credentials. Use this option if any of your computers or laptops are stolen.
Haplo takes two technical measures to minimise the risk posed by weak passwords:
- When choosing your password, Haplo ensures that it contains at least 8 characters and includes both letters and numbers — however, this only catches the really weak passwords and users still need to think about choosing a good password.
- If someone makes too many incorrect log in attempts, logging in from their location is automatically blocked for a period of time. This means that automated password guessing software cannot make unlimited guesses.
Even with these measures, weak passwords compromise the security of your information.