Penelope login accounts uniquely identify users via a system-generated unique ID number as well as by their login name and password. Organizations can determine the login name for each user.

Password management practices are modelled after NIST SP 800-63b. Users

are provided with visual cues when setting passwords to ensure they meet minimum

strength and complexity requirements.

Strength and complexity are calculated algorithmically, and include factors such as variety and type of characters (numbers, letters, non-alphanumeric), and minimum length.

Organizations can also implement a password reset schedule. As password advice from NIST or other similar security bodies is introduced, we will change the approaches in our products to match over time.

Passwords are encoded (i.e. not stored in clear text and cannot be unencrypted) and are therefore not accessible to anyone irrespective of access. Within Penelope, many screens contain a user login name and time stamp for record creation and modification.

Data stored in Penelope databases on our servers are securely encrypted in transit

using industry best practice standards.

Any data transferred to a client outside of Penelope is encrypted.

Note: please be advised that you must choose a password that is different from your last 10 passwords.