Username and password requirements for SendPro Enterprise

The following applies only to SendPro Enterprise users of tenants that are configured to use the product's built-in user authentication feature. This policy is overridden when the tenant implements a third-party identity provider (IdP; OIDC). Contact Pitney Bowes if you're unsure of your tenant's configured authentication method.

Following are the user name and password policies enforced in SendPro Enterprise:

User Name

• Must not contain a space
• Must not contain special characters

Email Address

• User account must have an associated valid and verifiable email address
• Email address must not contain special characters

Password

• Must be at least 12 characters in length
• Must not be equal to any of the previous 4 passwords used
• The minimum age must be 3 days old
• Passwords expire after 90 days and must be reset
• Must contain at least one special character
• Must contain at least one number
• Must contain at least one upper-case character
• Must contain at least one lower-case character
• Must not contain more than 3 repeating characters

Authentication Security

• User accounts are locked after 5 failed login attempts
• After locking, user accounts remain so for a minimum of 15 minutes
• Account reset codes sent via email expire after 10 minutes
• Session cookies expire after 10 hours requiring re-authentication