PCI Password Security Updates: What You Need to Know


FormAssembly is continually making enhancements to our product, and we strive to exceed security and compliance requirements throughout our organization. As Payment Card Industry (PCI) requirements frequently change, our product team works hard to keep up with these changes, and we are excited to offer even more password security enhancements.

Here are a few of the steps we’ve taken to improve our overall security.

Standard password controls

  • Passwords must be at least seven characters long.
  • Passwords must contain both numeric and alphabetic characters.
  • New passwords cannot be the same as any of the four previously used passwords.
  • Users must change passwords at least every 90 days.
  • User accounts are temporarily locked out after not more than six invalid access attempts.
  • Passwords are protected with strong cryptography during transmission and storage.

Advanced password controls

  • First-time passwords for new users, as well as reset passwords for existing users, are set to a unique value for each user and are changed after first use.
  • Once a user account is locked out, the account will remain locked for a minimum of 30 minutes or until a system administrator resets the account.
  • The system/session idle time-out feature has been set to 15 minutes or less.

To adjust to the time-out feature, remember to save as you go when you are working to build your forms or your connectors, and make sure you save your work before navigating away from your form builder or connector. If you need support as you adjust to these new FormAssembly upgrades, please contact our customer success team.

