Best practices for security within Vonage Contact Center
To improve security and protect your data and prevent it from being compromised, we recommend following security best practices within VCC.
Password expiry
Evidence suggests that password expiration policies lead to users configuring weaker passwords to make them easier to remember. Additionally, most users configure new passwords as a minor variation of the old ones. The current recommendation is to not enforce mandatory password changes and to mandate password changes only when there is evidence of the existing password being compromised, a suspected breach, or a specific threat.
Recommendations against the practice of expiring passwords:
- National Institute of Standards and Technology (NIST): Digital Identity Guidelines (SP 800-63B Section 5.1.1.2)
- United Kingdom's National Cyber Security Centre (NCSC): Password administration for system owners (Tip 4: Help users cope with password overload)
- Center for Internet Security (CIS): The CIS Password Policy Guide
For general assistance, please contact Customer Support.
For help using this documentation, please send an email to docs_feedback@vonage.com. We're happy to hear from you. Your contribution helps everyone at Vonage! Please include the name of the page in your email.