Why we follow best practice password security
Your AskYourTeam password is very important. It's one of the key pieces of information you need to be able to log in and access our system.
Your AskYourTeam password should only be used for AskYourTeam and not reused for any other sites on the internet. It should also be difficult to guess. However, we know some customers do reuse passwords or have passwords that use common words or number combinations.
So we've added two layers of additional security.
1. We'll alert you to common words or number combinations
When you create or update your password, we'll tell you if it contains any common words or number combinations. These must be avoided to ensure your password is not easy to guess.
Here are a few examples of passwords that include common words or number combinations:
- 123456a
- 123123123
- football1
- Iloveyou2
- charlie1
- passw0rd
2. We'll inform you if your password is detected in another company's data breach
This is only relevant if you use your AskYourTeam password or proposed password for other sites on the internet.
For new passwords: When you create or update your password, we check it against any known data breaches from other companies. For example, if you've used that password for another site that's had a data breach, we will ask you to choose a different password for your account.
For existing passwords: For existing users of AskYourTeam, each time you log in, we securely check your password against any known data breaches from other companies. If we detect that your password has been leaked or made publicly available by another website you're using, we will send you an email alert asking you to change your password. Please remember if you receive this email, your password was compromised by another site, not AskYourTeam.
⚠️ Didn't use this password anywhere but AskYourTeam? If you've used common word or number combinations, someone else on the internet may have the same password. They may be using it for another site(s) on the internet where it's been compromised. In this situation, you should still change your password.
How do we check if your password has been compromised?
Your password is never shared and never leaves AskYourTeam. We use an industry-standard, third-party service called Have I Been Pwned? We begin by hashing your password and then check it against the Have I Been Pwned database using a secure method called k-anonymity.
💡What is hashing and k-anonymity? Hashing is a process that transforms your password into a random fixed-length value. K-anonymity is a method of protecting privacy within a dataset.