Using Passwords in the Veracode Platform

Getting Started Guide

The Veracode Platform protects your data in numerous ways. One of the most important is securing your login so that it is not vulnerable to password guessing or brute-force attacks. Veracode does this by:

  • Enforcing minimum password complexity rules
  • Enforcing password expiration
  • Enforcing a user account lockout after five (5) failed login attempts
  • Offering optional two-factor authentication

Password Complexity

Your password must meet the following criteria:

  • Minimum of eight characters long (cannot be empty)
  • Must contain characters in at least three (3) of the following categories:
    • Uppercase characters
    • Lowercase characters
    • Numeric characters
    • Special characters (e.g. @$#%^)
  • Cannot contain more than three consecutive digits (e.g. 12345678) or more than three repeated characters (e.g. aaaabbbb)
  • Cannot be cyclical (e.g. cannot change password from passwd11 to passwd12 to passwd13)
  • Cannot reuse any of the last five passwords
  • Cannot contain parts of your name or username, or be a variant of your username (e.g. cannot be a lower case version of your upper case username)
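
The complexity rules above, written out as a checker. This is an added example, not Veracode's code: the function names, the reading of "consecutive digits" as four or more digits in a row, and the three-character minimum for a name part are assumptions. The last-five reuse rule is left out because it needs stored password history.

```python
import re

MIN_LENGTH = 8
MIN_NAME_PART = 3  # assumption: the page does not say how long a "part" is


def _stem(password):
    """Password with trailing digits removed, lower-cased (passwd11 -> passwd)."""
    return password.rstrip("0123456789").lower()


def policy_violations(new, username, full_name, current=None):
    """Return the list of rules from the page that `new` breaks."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("length")

    # At least three of the four character categories.
    categories = [
        any(c.isupper() for c in new),
        any(c.islower() for c in new),
        any(c.isdigit() for c in new),
        any(not c.isalnum() for c in new),
    ]
    if sum(categories) < 3:
        problems.append("categories")

    # Assumption: "consecutive digits" means four or more digits in a row.
    if re.search(r"\d{4,}", new):
        problems.append("digit-run")
    # The same character four or more times in a row.
    if re.search(r"(.)\1{3,}", new):
        problems.append("repeat-run")

    # Name and username parts, compared case-insensitively.
    lowered = new.lower()
    parts = re.split(r"[^a-z0-9]+", f"{username} {full_name}".lower())
    if any(len(p) >= MIN_NAME_PART and p in lowered for p in parts):
        problems.append("name")

    # Cyclical change: only the trailing counter differs from the current one.
    if current is not None and _stem(new) == _stem(current):
        problems.append("cyclical")
    return problems
```

An empty list means the candidate passes every rule checked here; the `current` argument is the password the user typed to authorize the change.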

The password strength meter on the Your Account page gives graphical feedback as you enter your password.

If you forget your password, you can use the Forgot Password link on the login screen to reset your password, or contact Veracode support.

Password Expiration

You must change your password once every 90 days. When your password has expired, you are prompted to change the password at login.

Security Question Answers

Existing security answers require the correct case and any leading or trailing white space until you update the answers. After you update and save your security question answers, the case of the answer and any leading or trailing white space are ignored. For example, if you updated your security question answer to JohnDoe, the Veracode Platform would accept johndoe as a valid response.

User Lockout After Five Failed Login Attempts

You can reset your password at any time. After three failed attempts to enter a correct password, you are prompted to try to reset your password. Your account is automatically locked after five failed attempts to enter a correct password. This lockout protects your account from brute-force attacks.

If your account becomes locked out, Veracode notifies you via email. You must contact your administrator to receive a link that enables you to reset your password.

Optional Two-factor Authentication

Your account may choose to implement two-factor authentication via a secure token. This is a physical object that generates a constantly changing random number that provides an additional proof of your identity alongside your username and password.

Inactivity Logout

The Veracode Platform automatically ends your session and logs you out after a period of 15 minutes with no activity.