Support HomeExpressNetExpress for BrowsersExpress for WindowsMVR InformationA-Plus™, Credit, UDI/UDVCriminal History

Search
Password Policy

This page has been viewed 8 times | Document Rating is  -- / 5.00 | Last Updated on 10/8/2010 1:33:56 PM | Print This Page


ExpressNet Password Policy
 

The iiX ExpressNet Password Policy was created to provide protection for the sensitive personal information contained within reports and requests located in ExpressNet. By providing stronger protection, we can ensure that information remains secure within the ExpressNet system.

Users: The ExpressNet Password Policy requires that each individual who will be requesting reports through ExpressNet be issued a unique User Sign-On for use only by that specific individual. ExpressNet Administrator's are charged with the task of creating a new User Sign-On for each user in their business who will be requesting reports through ExpressNet. (See article on: Creating Additional User Sign-Ons in ExpressNet)

Each ExpressNet user will be required to maintain a password of between 8 and 20 characters in length.  This password will expire every 60 days. When there are less than 10 days remaining until a password expires, the user will receive a message during sign-in that tells them how long until the password expires and asks if they want to change it at that time.  Once a password has been in effect for 60 days, it will expire and the user will be prompted to create a new password immediately upon their next login, provided the next login is within 60 days of the last password change. A summary of the password rules follows:

All Users (except those that fit Exceptions 1 or 2 below):

  1. Passwords must be from 8 to 20 characters long.

  2. Passwords may not contain a string of characters that are the same as the User SignOn ID.  (For example:  User ABC may not set a password containing the letters ABC consecutively (in either upper or lower case).  The following would not be valid passwords for user ABC:  ABC123abc or AbcabC22.

  3. The password must contain at least 3 of the following 4 character types:

    • Upper case letters

    • Lower case letters

    • Numbers

    • Special Characters, such as: $, #, %, *, !, etc.
           => (Examples: XYZ123$%One4the$$$DeFg1234P*s*w*r*04) <=

  4. Passwords over 60 days old are automatically expired. The user has an additional 60 days to log in and set a new password.  If the user has not created a new password within 120 days of their last password creation, the access is revoked and the user must contact iiX Customer Support (at 800.683.8553, option #7) to have it reset.

Exception 1:  Users who have been approved to access California  MVRs via ExpressNet are subject to the following password requirements:

  1. Passwords over 60 days old are automatically revoked (by state rules) and the user must contact iiX Customer Support to have it reset.

  2. The password must be from 8 to 20 characters long.

  3. The password must contain at least 3 of the following 4 character types:

    • Upper case letters

    • Lower case letters

    • Numbers

    • Special Characters, such as: $, #, %, *, !, etc.
           => (Examples: ABC123$%14the$$$AbCd1234P*s*w*r*04) <=

Exception 2:  Users who have been approved to access Washington MVRs via ExpressNet are subject to the following password requirements:

  1. Passwords over 60 days old are automatically expired. The user has an additional 60 days to log in and set a new password.  If the user has not created a new password within 120 days of their last password creation, the access is revoked and the user must contact iiX Customer Support to have it reset.

  2. The password must be from 8 to 20 characters long and may not contain a string of characters that are the same as the User SignOn ID.  (User ABC may not set a password containing the letters ABC consecutively (in either upper or lower case):  for example:  ABC123abc or AbcabC22;  JIM may not set a password containing "JIM" - for example:  022185Jim or JIM**DOE.

  3. The password must contain at least 3 of the following 4 character types:

    • Upper case letters

    • Lower case letters

    • Numbers

    • Special Characters, such as: $, #, %, *, !, etc.
           => (Examples: ABC123$%14the$$$AbCd1234P*s*w*r*04) <=


An ExpressNet password will be revoked if a user has 3 consecutive failed sign-on attempts. At that time, the user may proceed to our automated password reset procedure (Forgot Password? link), or contact iiX Support at (800) 683-8553, option 7. For more information on the procedures for resetting password, see below.

Administrators: Each ExpressNet account will require at least one individual to function as the Administrator of the account. This person will be charged with creating, deleting, and maintaining user Sign-On information, as well as modifying agency information as needed (Ex: Address Change, Fax Number Change, E-mail address change, etc.)

The Administrator must provide iiX with a valid e-mail address and administrative password during the registration of the account for ExpressNet.  The administrator e-mail address will be used to send information regarding user password expirations or revocations, as well as information about changes that effect your iiX account.

The Admin Password requirements are as follows:

  1. Admin Passwords must be from 8 to 20 characters long.

  2. Admin Passwords must contain at least 3 of the following 4 character types:

    • Upper case letters

    • Lower case letters

    • Numbers

    • Special Characters, such as: $, #, %, *, !, etc.
           => (Examples: XYZ123$%One4the$$$DeFg1234P*s*w*r*04) <=

 

If the Admin E-mail address is not correct, the customer may submit an ExpressNet Administrative Information Change Form which has been copied onto their company letterhead and signed by the Admin person or someone who has authority over the Admin person. If additional information such as the account name, address, or phone number has changed, an Account Change Form should be submitted.  All written requests for changes are to scanned into the iiX document retention system in case of future dispute.

   The following sections will describe the procedures and guidelines relating to password recovery
    and assignments:

 

    Guidelines for Forgotten or Revoked ExpressNet User Passwords:
 

  • If a user has forgotten or revoked their password, iiX will e-mail a new temporary password via the online password reset system.  (Note:  This option is not available to users who are approved to order California MVRs. Those users must contact iiX Support by phone only  for assistance.)
     

    • To begin the automated password recovery procedure, click on the "Forgot Password?" link located on the ExpressNet Sign-In Page.

      Note: This procedure will only work if there is a valid e-mail address on file for this User Sign-on and a Security Question and Security Answer were previously entered into the user's profile.
       

    • After clicking on the "Forgot Password?" link, the user will be prompted to enter their Account Number and User Sign-On.
       

    • After submitting this information, the user will be prompted with their security question and a field to answer this question.  The user will have two attempts to answer the security question for their User Sign-On.  If they fail to answer the Security Question correctly in two attempts, they will be locked out of the system and then must personally contact iiX Support by phone at (800) 683-8553, option 7,  for assistance.
       

    • If the security question is answered correctly, a pop-up box will appear stating that a temporary password is about to be sent to the e-mail address the user has on file.
       

      • If the e-mail address in the pop-up box is not accurate, the user will need to contact iiX Customer Support for further assistance.
         

        • Contact iiX Support at (800) 683-8553, option 7.
           

        • iiX Support will verify the name of the user in order to release password information.
           

        • iiX Support will ask the security question that the user has on file.
           

          • If the user is able to successfully answer the security question, iiX Support will assign a temporary password and provide instructions on modifying the e-mail address for the user sign-on.
             

          • If the user is unable to answer the security question, iiX Support will forward a temporary password to the Administrator E-mail Address on file.  The e-mail to the Administrator will not include either the account number or the user ID of the individual (for security reasons). The user should make the Administrator aware that iiX will be sending a new password for them so that the Admin knows who to contact within their organization.
             

      • If the e-mail address displayed is valid for this user, they will receive an e-mail with a temporary password and instructions on how to proceed. The e-mail will not include the User sign-on or Account Number, for security reasons.  (The temporary password that is assigned is a one-time use password that must be changed upon entering ExpressNet. Temporary password are valid for 96 hours from the time of creation.)

       

  • If the user has revoked their password after 3 consecutive failed login attempts, and is unable to complete the automated password recovery procedure:
     

    • The user will need to contact iiX Support at (800) 683-8553, option 7.
       

    • iiX Support will verify the name of the user in order to release password information.
       

    • iiX Support will then ask the security question that the user has on file.
       

      • If the user is able to successfully answer the security question, iiX Support will assign a temporary password over the phone. This password will need to be changed after signing into ExpressNet.
         

      • If the user is unable to answer the security question, iiX Support can forward a temporary password to the Administrator E-mail Address on file.  The e-mail to the Administrator will not include either the account number or the user ID of the individual (for security reasons). The user should make the Administrator aware that iiX will be sending a new password for them so that the Admin knows who to contact within their organization.

     

  • If the user has forgotten their password, but it has not yet been revoked, and the user cannot use the online reset system (or if the user is approved to order California MVRs through ExpressNet):
     

    • The user may contact iiX support at (800) 683-8553, option 7.
       

    • iiX Support will verify the name of the user in order to release password information.
       

    • iiX Support will then ask the security question that the user has on file.
       

      • If the user is able to successfully answer the security question, they will be given their password over the phone. (In the case of users approved for California MVR access, a temporary password will be issue, as the user's password is encrypted and cannot be accessed by iiX Support personnel.)
         

      • If the user is unable to answer the security question, iiX Support can forward a temporary password to the Administrator E-mail Address on file.  The e-mail to the Administrator will not include either the account number or the user ID of the individual (for security reasons). The user should make the Administrator aware that iiX will be sending a new password for them so that the Admin knows who to contact within their organization.
         

    Guidelines for Forgotten ExpressNet Admin Passwords:

  • iiX will E-mail the Admin Password to the Admin E-mail address entered during registration.

  • If the Admin E-mail address is not correct, the customer may submit a request to update the Admin E-mail address by filling out section C of the Account Change Form and sending it in to iiX. Section D of this form must also be properly signed and authorized by the Admin person or someone who has authority over the Admin person – such as a VP or owner – with a signature and their title. If additional information such as the account name, address, or phone number has changed, sections A and B of the Account Change Form should also be filled out and submitted.  All written requests for changes are to scanned into the iiX document retention system in case of future dispute.

    Guidelines for Changing the ExpressNet Admin Password or Admin E-mail Address:

  • The customer must request to change the Admin password and/or Admin e-mail address by filling out section C of the Account Change Form and sending it in to iiX.  Section D of this form must also be properly signed and authorized by a person with authority over the Admin person – such as a VP or owner – with a signature and their title. The requestor should specify the new Admin Password they wish to use.  If additional information such as the account name, address, or phone number has changed, sections A and B of the Account Change Form should also be filled out and submitted.  All written requests for changes are to scanned into the iiX document retention system in case of future dispute.
     

    Guidelines for Releasing Account Passwords:

  • If the customer has previously used iiX dial up software, such as Express for Browsers, they should first attempt to locate the password from their iiX software.

  • If unable to do that, iiX will FAX the account Password to the FAX # on file in the iiX Customer Management system, to the attention of the person making the request.  The same fax will not include the account number, for security reasons.

  • If the FAX # in the iiX Customer Management system is not correct, iiX will require that the customer submit an Account Change Form. Once the new FAX number is received on the proper form, the password information will be forwarded to the customer.  All written requests for changes are to scanned into the iiX document retention system in case of future dispute.

Search:

If you have suggestions for additional information, or need further assistance, please contact us by e-mail: iiX Customer Support or via phone at (800) 683-8553.