General Password Policy

This password policy applies to all user roles in the system (including admin, buyer, procurement users, enterprise users, etc.).


Password Expiry

  • Passwords must be changed every 90 days.
    (Maximum password age: 90 days)

Expiry Reminders

  • Users will receive reminders 10 days, 3 days, and 1 day before their password expires.

Minimum Password Age

  • N/A
    Users are not restricted by a minimum number of days before changing their password.

Password Change Delay

  • After changing a password, users must wait 24 hours before changing it again.

Password History

  • Users cannot reuse their last 4 previously used passwords.
    (Password history: 4)

Password Complexity Requirements

Passwords must:

  • Be at least 8 characters long
    (Minimum password length: 8 characters)

  • Contain at least:

    • 1 uppercase letter

    • 1 lowercase letter

    • 1 number

    • 1 special character (symbol/punctuation)


Account Security Controls

Account Lockout Threshold

  • Account will be locked after 5 invalid login attempts.

Account Lockout Duration

  • User will need to contact TB Support.

Inactivity Lockout (Session Timeout)

  • Users will be automatically logged out after 15 minutes of inactivity.