Password and TFA Requirements

Login Attempts and Locked Accounts

• After 5 missed password attempts a Doctivity user will be locked out from logging in for 5 minutes.
• The User Interface will tell the user they are locked out of their account, but will not give further details or specify a time.
• After 5 minutes, the user can attempt to re-login.
• If a user changes their password in that 5 minute period, they will still be locked out, until the time elapses.

Are there Password Requirements?

• Password must contain a lowercase letter, an uppercase letter, a number, a special character, and be at least 8 characters long.

How does TFA work?

• Two factor authentication (TFA) is required for all users of the Doctivity app on mobile and/or desktop. TFA means that in addition to a secure password a user will be texted a 6 digit numeric code to a provided cell phone capable of receiving SMS messages which they must also enter to gain access. This is an additional second layer of security to the Doctivity system, and is required by most Healthcare clients.  
• TFA is prompted each time a user logs in to Doctivity unless,
  • They have logged in with the same IP Address in the past 48 hours, or
  • They are explicitly exempt from the TFA requirement and their account is provisioned with this setting. 

What if we want different requirements?

• As of December, 2023, the Doctivity app allows for customization of some login and TFA rules.
• Doctivity Clients may choose:
  • How many failed login attempts a user can have, until their account is locked (Default is 5)
  • How long an account is locked due to missed login attempts (Default is 5 min)
  • How long TFA can be skipped for a user re-logging in to Doctivity with the same IP Address until they need to re-enter TFA (Default is 48 hours)
• NOTE- All Members within a Doctivity client must share the same rule-set.