.left-arrow.case-study { left: calc(50vw + 683px - 54px - 70px); } .right-arrow.case-study { left: calc(50vw + 683px - 54px - 20px); }
Enable’s password strength rules are as follows:
In addition, other measures are in place to prevent passwords being breached or guessed. These include:
There is no maximum password length, and there are no requirements to have uppercase, lowercase, numeric or special characters. Passwords do not expire, and there is no restriction on using a previously used password.
Our belief is that the primary measure of a password's strength is its length. The higher-than-average minimum password length, along with the 5-attempt lockout and the common/breached password restrictions, effectively nullify any brute-force breach attempts without requiring mixtures of different character types.
Our password policy is in line with the United States National Institute for Standards and Technology's and the UK National Cyber Security Centre's password strength guidelines.
In addition to the other measures, we use a service called 'haveibeenpwned', which allows us to check if a password has previously been exposed in a data breach. It is a good security practice to not use previously exposed passwords, as they may be easily guessed, or a malicious web user may already have a list of breached passwords. For this reason, Enable does not allow passwords which have been exposed in a data breach.
Please be assured that there is no indication that any Enable passwords have been exposed in a data breach.