FI16539

Request

1. A copy of (or extract from) your current policy that governs user authentication for citizen-facing online services.

2. The specific password rules that apply when citizens create an account or perform a password reset. Fore example, password character minimum and maximum limits, special character enforcement.

3. Whether MFA is offered or required for citizen-facing services, and, if so, what types are supported (e.g. SMS, email, or authenticator app).

4. A brief description or document outlining how password resets or account recovery are handled for public users (e.g. email verification, security questions, or other processes).

5. The date these policies were last reviewed or updated, and whether the policies align with any national or international guidance (e.g. NCSC, NIST SP 800-63, or ISO 27001).

Response

1. The Council does not hold this information.

2. As follows:

• Residents Portal – Password should be longer than 7 characters and must contain one uppercase letter, one number and a special character.
• My Permit – Password must contain at least 8 characters including one lower case, one upper case and one numeric character.
• Public Access – Password must be between 8 and 24 characters long, contain at least one uppercase, one lowercase and one numeric character.
• Council Tax – Password must be between 12 and 30 characters long, contain at least one lower case, one uppercase and one special character from !@$%.

3. As follows:

• Residents Portal – No option
• My Permit – No option
• Public Access – No option
• Council Tax – SMS 2FA

4. The Council does not hold this information.

5. The Council does not hold this information.