
Hosted Online - Password Policy


Notification of Important Password Policy Update
Notice 09-02
Friday 10 February 2023

According to new guidelines from government cyber security agencies such as the Australian Cyber Security Centre (ACSC), the UK National Cyber Security Centre (NCSC), and the US Cybersecurity and Infrastructure Security Agency (CISA), companies and government departments should now be reviewing the expiration and length rules in their password policies so as not to burden their users with frequent password rotations. For the best protection, they recommend putting in place and enforcing Multi-Factor Authentication (MFA) together with increased password lengths, enabling users to create a proper ‘passphrase’.

At The Access Group, security is important to us, which is why MFA is already enforced for Payroll Online systems (compliant with ATO requirements). To assist Access customers in creating proper passphrases, The Access Group is increasing the expiration time to 365 days and increasing the password length to 14 characters. In effect, this will reduce the burden of rotating passwords from four times a year to once a year.

This update will take effect on Friday 10th February 2023 and, at this stage, you are not required to take any action. Furthermore, there will be no interruption to our services, nor any downtime, while this change is made.

After the update, all existing passwords will be valid for 365 days after the date the password was last changed, and all future password changes will be valid for 365 days as per the guidelines. Future passwords will need to be set to 14 characters or more.

To encourage users to change their passwords before they expire, The Access Group will in future send out reminder emails starting 14 days before password expiry and repeating each day until your password is changed or expires.

Please note that failing to change your password will lock your account, and you will experience delays while our support team confirms and re-enables your account. Also, due to the longer expiration period, we encourage all managers/users to let us know as soon as possible when accounts should be disabled, to avoid any potential unwanted access.

To notify us of accounts to be disabled, raise a case online and reference the title of this article.
