Password strength in Cloud Platform¶

Password requirements on Cloud Platform¶

Cloud Platform applies several rules to test a password’s strength, based on the entropy (randomness) of the sequences in the password. All passwords used for accessing the Cloud Platform user interface must meet the following criteria:

• Is at least 12 characters in length
• Has at least one capital letter
• Has at least one lower case letter
• Has at least one special character
• Doesn’t reuse any of the user’s previous 24 passwords

Testing password security when changing passwords¶

As you type a new password, the Acquia password policy system tests and reports the password’s strength. If you try to create a password that doesn’t meet Acquia’s password strength requirements, Cloud Platform displays an error message describing why the password strength is insufficient.

Protecting against brute-force attacks¶

The Cloud Platform user interface protects you from brute-force attacks by the following policies limiting the total number of sign-in attempts:

• After three failed sign-in attempts during a 30 minute timeframe from a single user and IP address, Cloud Platform blocks the user name (email) and IP address combination from signing in for one hour.
• After 50 failed sign-in attempts in an hour from a single IP address, Cloud Platform blocks the IP address from signing in for one hour.

If you are blocked due to multiple failed sign-in attempts, you may request a new password by email to bypass the hour block window.