Password Requirements
For Thru Portal and Machine User Passwords:
With Multi-Factor Authentication (MFA):
Password Requirements: A minimum of 8 characters is required.
Password Integrity: Any password that has not been reported as breached is permitted.
Recommended: at least 64 characters; longer is better.
To enhance security without the use of Multi-Factor Authentication (MFA), consider the following guidelines:
Password Requirements: Ensure that passwords have a minimum length of 12 characters. This is particularly relevant for Machine users, as they are unable to enable MFA.
Password Integrity: Allow any password that is not known to have been compromised in previous breaches.
Recommended: at least 64 characters; longer is better.
By adhering to these standards, you can maintain a higher level of security even in the absence of MFA.
Breach DB Check: the password must not be found in the breach database. This applies to all portal and machine users.
Users can create passwords up to 256 characters in length.
All ASCII/Unicode characters are allowed, including emojis and spaces.
Stored passwords are hashed and salted, and never truncated.
Prospective passwords are compared against password breach databases and rejected if there’s a match.
Passwords do not expire.
Users are allowed 10 failed password attempts before being locked out of the service.
Passwords do not have hints.
Complexity requirements — like requiring special characters, numbers or uppercase letters — are not required.
Sequential passwords are permitted in Thru as long as they do not fail the requirements above.
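The rules above describe a complete password policy: a length floor that depends on whether MFA is available (machine users never have it), a 256-character ceiling, any Unicode character counted as one character, a breach-database check instead of complexity classes, salted hashing with no truncation, and a lockout after 10 failed attempts. The following is an added example that implements that policy in Python. It is not Thru's own code: the breach list is a constructed stand-in for a real breach corpus, PBKDF2-HMAC-SHA256 is an assumed choice of salted hash (the page only says "hashed and salted"), and the function names, the `portal`/`machine` user kinds and the lockout semantics (the account is refused once 10 consecutive failures have been recorded) are assumptions made for the example.

```python
"""Password-policy checker modelled on the Thru rules (illustrative, not Thru's code)."""
import hashlib
import hmac
import os

MAX_LENGTH = 256            # ceiling stated in the policy
FAILED_ATTEMPT_LIMIT = 10   # failed attempts allowed before lockout

# Constructed stand-in for a breach database: SHA-1 digests of a few strings
# assumed, for this example only, to appear in public breach corpora.
# A deployment would query a real breach-corpus service or dataset instead.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("password", "123456789012", "correct horse battery staple")
}


def min_length_for(user_kind: str, mfa_enabled: bool) -> int:
    """8 characters with MFA, 12 without. Machine users cannot enable MFA,
    so they always get the 12-character floor."""
    if user_kind == "machine" or not mfa_enabled:
        return 12
    return 8


def is_breached(password: str) -> bool:
    """Look the candidate up in the (constructed) breach database."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest() in BREACHED_SHA1


def check_password(password: str, user_kind: str = "portal", mfa_enabled: bool = False) -> list:
    """Return the list of policy violations; an empty list means the password is accepted.
    Length is measured in Unicode code points, so emojis and spaces each count as one
    character. No complexity classes are required, matching the policy."""
    problems = []
    length = len(password)                      # code points, not bytes
    floor = min_length_for(user_kind, mfa_enabled)
    if length < floor:
        problems.append(f"shorter than {floor} characters")
    if length > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if is_breached(password):
        problems.append("found in breach database")
    return problems


def hash_password(password: str, salt: bytes = b"", iterations: int = 600_000) -> str:
    """Salted PBKDF2-HMAC-SHA256 over the full UTF-8 encoding; nothing is truncated
    (contrast with schemes that silently drop input past a fixed byte length)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and iteration count; constant-time compare."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


class LoginThrottle:
    """Track consecutive failures per user and refuse logins once the limit is reached."""

    def __init__(self):
        self.failures = {}

    def attempt(self, user: str, password: str, stored: str) -> str:
        """Return 'ok', 'failed' or 'locked'. A correct password resets the counter,
        but only if the account is not already locked."""
        if self.failures.get(user, 0) >= FAILED_ATTEMPT_LIMIT:
            return "locked"
        if verify_password(password, stored):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "failed"


if __name__ == "__main__":
    for pw, kind, mfa in [("Tr0ub4dor", "portal", True), ("Tr0ub4dor", "machine", True),
                          ("correct horse battery staple", "portal", False), ("\U0001F512" * 12, "machine", False)]:
        print(repr(pw), kind, "mfa" if mfa else "no mfa", "->", check_password(pw, kind, mfa) or "accepted")
```

The breach check hashes the candidate before lookup so the plaintext never has to leave the validator, which is also how range-query breach services are commonly used; the iteration count is a parameter so the stored string records what was used and can be raised later without invalidating existing hashes.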
You may notice that some of these recommendations depart from previous assumptions and standards.
For example, NIST has removed complexity requirements like special characters in passwords; this change was made in part because users find ways to circumvent stringent complexity requirements.
Instead of struggling to remember complex passwords and risking getting locked out, they may write their passwords down and leave them near physical computers or servers.
Or they simply recycle old passwords based on dictionary words by making minimal changes during password creation, such as incrementing a number at the end.