Authentication

Password policy for Arctic Wolf web portals

The password policy for all Arctic Wolf web portals is based on NIST Special Publication 800-63B guidelines to reduce the risk of compromise.

Passwords are stored as salted hashes and encrypted at rest.

Note: We do not store plaintext passwords.

Accounts are locked out for any of these situations:

10 consecutive failed login attempts for the same user and from the same IP address.
100 failed login attempts from the same IP address in 24 hours or 50 sign up attempts/minute from the same IP address.

The portal password policy minimum requirements are:


Attribute	Requirement
Minimum length	8 characters
Password expiration	none
Password history	none
Password complexity	The password must not be on the list of the 10,000 most common passwords.

Portals Arctic Wolf Unified Portal Managed Security Awareness Portal (MA Portal) Risk Dashboard Arctic Wolf Analytics Cyber JumpStart Portal Managed Security Awareness (MA) Managed Risk Incident Readiness and Response Managed Detection and Response (MDR) Aurora Endpoint Security Installation or Configuration Customers (Signed-in) Public

Last updated: March 30, 2026