Security FAQs
The following table provides answers to frequently asked questions regarding application security.
| Question | Answer | 
|---|---|
| What are the password complexity requirements? | Flexera One passwords must contain at least eight characters and must also include at least one character from each of the following sets: Lowercase letter Uppercase letter Number Valid symbol from this list: !@#$%^&* Your password must not include any part of your email address. | 
| How does Flexera One store my password? | Flexera One protects passwords using the bCrypt algorithm, which is a one-way hash function incorporating salt. | 
| Can I reset my password if I have forgotten or lost it? | Yes, you can send an email to reset your password. For North American assigned accounts, reset your password at app.flexera.com/password/request. For European assigned accounts, reset your password at app.flexera.eu/password/request. For APAC assigned accounts, reset your password at app.flexera.au/password/request. Enter your email address and click Email Link. | 
| What happens if I am locked out? | After attempting to sign in three times with an incorrect password, your account will be locked out for 15 minutes. During the lockout period, you cannot sign in (even with the correct password) but you can reset your password. Lockout is used to block brute-force attacks. | 
| How long is the idle session timeout? | 30 minutes | 
| How long is the absolute session timeout? | 8 hours | 
| Where can I find information about which users in my organization are active or inactive? | Administrators in an organization can go to the Flexera One Administrationmenu and selectUsersfrom theIdentity Managementsubmenu to see activity information. After selecting a user, go to theInfotab. Last login indicates the last time this user logged into the Flexera One UI. Last API login indicates the last time when this user used their API Refresh token to create an access token for Flexera One API access. | 
| How are the user’s last login and last API login timestamps calculated? | Flexera One users are global and often have access to multiple organizations. Each user’s Last loginandLast API logintimestamps are also global. When a user logs in to the Flexera One UI, their Last login timestamp is updated and visible to administrators in any organization they have access to. When a user uses their API refresh token, their Last API login timestamp is updated and visible to administrators in any organization with which they are affiliated. |