LoanPro LMS Credentials
LoanPro LMS conforms to authentication security standards to help keep our applications secure and to keep us compliant with SOC and PCI-DSS standards. This article will cover password rotation and requirements. It will also touch on social and single sign on.
LMS requires that you change your password every 90 days. This is a best practice for maintaining password security, and it also helps LoanPro stay SOC compliant.
Although the system will lock you out after 90 days, you can use the password reset process to change your password at any time. This can be done from the LoanPro login page.
To reset your password, do the following:
- Click the Forgot your password? link.
- Enter your user email on the Reset Password page and click SEND. This will send a password reset email to the email address entered.
- Click the link in the password reset email. This will send another email with a temporary password.
- Use the temporary password from the password email to log in. You will be asked to update your password.
- Use the temporary password to update to a new, non-temporary password.
If multi-factor authentication (MFA) is used, passwords must be at least 8 characters. If MFA is not used, LMS requires passwords to be at least 10 characters in length.
To learn more about MFA, see the Multi-Factor Authentication article.
In order to comply with audit requirements, we removed complexity requirements (e.g. 1 uppercase character). Instead, we encourage the use of MFA and long passwords or passphrases.
Additionally, we ensure that passwords have not been previously used, do not use common patterns that make them susceptible to brute-force attacks, and do not appear on lists of compromised passwords.
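The rules above can be read as a single acceptance check. The following is an added example, not LoanPro's code: the function names, the run-length threshold used to define a "common pattern", the PBKDF2 work factor, and the sample compromised list are all assumptions made for illustration. Only the 8 and 10 character minimums come from this article.

```python
import hashlib
import hmac

MIN_LEN_WITH_MFA = 8       # from the article
MIN_LEN_WITHOUT_MFA = 10   # from the article
MAX_RUN = 4                # assumption: runs this long count as a "common pattern"
COMPROMISED = {"password123", "qwertyuiop", "letmein2024"}  # constructed sample list


def hash_password(password, salt):
    # Illustrative work factor; history stores salted digests, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def longest_run(password):
    """Length of the longest repeated (aaaa) or sequential (abcd, 4321) run."""
    best, run, prev_step = 1, 1, None
    text = password.lower()
    for a, b in zip(text, text[1:]):
        step = ord(b) - ord(a)
        if step not in (-1, 0, 1):
            run = 1
        elif step == prev_step:
            run += 1
        else:
            run = 2
        prev_step = step
        best = max(best, run)
    return best


def check_password(candidate, mfa_enabled, history):
    """Return the list of rules the candidate breaks; empty means accepted.

    history is a list of (salt, digest) pairs for the user's earlier passwords.
    """
    problems = []
    minimum = MIN_LEN_WITH_MFA if mfa_enabled else MIN_LEN_WITHOUT_MFA
    if len(candidate) < minimum:
        problems.append("too_short")
    if any(hmac.compare_digest(hash_password(candidate, s), d) for s, d in history):
        problems.append("previously_used")
    if longest_run(candidate) >= MAX_RUN:
        problems.append("common_pattern")
    if candidate.lower() in COMPROMISED:
        problems.append("compromised")
    return problems
```

Note that there is no character-class test: a lowercase passphrase passes as long as it is long enough, new, unpatterned, and not on the compromised list.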
Social Sign On
LMS provides social sign on using Google credentials. Google doesn't require password rotation, which means users gain access to LMS using credentials that can persist indefinitely. If you use Google to sign in, consider a self-imposed password rotation schedule, or a long and complex password to protect against unauthorized LMS access.
Single Sign On
Single sign on is an option for LMS ONLY if you use LMS in a private-SaaS configuration. SSO requires some configuration in your PSaaS environment by LoanPro developers.