Upcoming Maintenance on Sunday Sept. 28th at 10PM: Please note that our service will be temporarily interrupted for some maintenance on Sunday September 28th, from 10PM to 00:00AM (EDT). During this period, the application will be inaccessible and some statistics may not be compiled. Also, some functionalities may be interrupted and any scheduled emails will be sent once the service is restored. We're sorry for any inconvenience this may cause you.
Close

Account protection: secure login & password policy

User account security is a priority. Several measures have been put in place to protect access to your account and prevent unauthorized logins.

Protection against suspicious login attempts

The system detects abnormal behavior during login. When a certain number of failed attempts are detected within a short period of time, protective measures may be applied automatically, such as:

These measures help block unauthorized access while ensuring legitimate users can continue to access their accounts. Protections are continuously improved following industry best practices.

Strengthened password policy

To enhance account security, all passwords must meet the following requirements:

A password may not contain:

Note: Checks for these restricted elements are case-insensitive.

The password must achieve a minimum score of 3/5 on a complexity scale (Very Weak, Weak, Medium, Good, Excellent).
Any password rated Very Weak or Weak cannot be used.

Compromised password detection

When creating or updating a password, it is checked against a public database of compromised passwords. If the password appears in this database, a warning will prompt the user to choose a more secure alternative.

Visual password creation assistance

A visual indicator is displayed to help users choose a password that complies with the policy in effect.

Mandatory Two-Factor Authentication (2FA)

By default, all platform users must have at least one active 2FA method.
When a new user is invited, email-based 2FA is automatically enabled. The user may also add a method using an authenticator app (e.g., Google Authenticator, Microsoft Authenticator).

If the app method is activated, the email method may be disabled, but at least one 2FA method must always remain active.

Two-factor authentication adds an extra layer of security by requiring a temporary code in addition to the password. This code is generated either by email or by an authentication app.

By default, 2FA is required at every login, unless the user is connecting from a trusted device. A trusted device remains recognized for a maximum of 30 days.

The number of attempts to enter a 2FA code is also limited to prevent attacks.

Learn more about two-factor authentication >

Security Tips

2FA is mandatory for all accounts and is a key measure to secure your access.

Additional best practices include:

Top