For those organizations who do not use SSO to sign in to Together and have opted for the Email and Password login method, we have a few specific requirements for your user's password strength:
Passwords must be:
- A minimum of 6 characters
- Not match our database of common passwords. For example, passwords such as "123456" or "password" will be rejected.
Below are some examples of common password mistakes to avoid:
- Do not use easily guessed passwords, passphrases, or PINs (e.g. “password”, “let me in”, “1234”), even if they include character substitutions (e.g. p@ssword)
- Do not use common expressions, song titles or lyrics, movie titles, or quotes
- Do not use your personal details (e.g. birthday, hometown, pet’s name)
Generally, we recommend complex passwords for organizations using this login method. Complex passwords consist of at least six characters, including three of the following four character types: uppercase letters, lowercase letters, numeric digits, and non-alphanumeric characters such as & $ * and !. We recommend you do not re-use your Together password for other services such as your email account and generally recommend using a password manager (i.e. Bitwarden, Lastpass, etc) to store/manage your passwords and to assist in generating sufficiently complex passwords/passphrases.
Passwords do not expire. They are the same for admins and users. Accounts will be disabled for too many incorrect password attempts. Since Together uses a Google-based product for handling sign-ins, it follows the same rules of 'suspicious activity' that Google implements, including the number of attempts.
Have more questions? Submit a request here and let us know how we can help!