Why we follow best practice password security

Your AskYourTeam password is incredibly important. It's one of the key pieces of information you need to be able to log in and access our system. Your AskYourTeam password should only be used for AskYourTeam and not reused for any other sites on the internet. It should also be difficult to guess.

However, we know some customers do reuse passwords or have passwords that use common words or number combinations.

So we've added two layers of additional security.

1. We'll alert you to common words or number combinations

When you create or update your password, we'll tell you if it contains any common words or number combinations. These must be avoided to ensure your password is not easy to guess.

Here are a few examples of passwords that include common words or number combinations:

123456a
123123123
football1
Iloveyou2
charlie1
passw0rd

2. We'll inform you if your password is detected in another company's data breach

This is only relevant if you use your AskYourTeam password or proposed password for other sites on the internet.

For new passwords: When you create or update your password, we check it against any known data breaches from other companies. For example, if you've used that password for another site that's had a data breach, we will ask you to choose a different password for your account.

For existing passwords: For existing users of AskYourTeam, each time you log in, we securely check your password against any known data breaches from other companies. If we detect that your password has been leaked or made publicly available by another website you're using, we will send you an email alert asking you to change your password. Please remember: if you receive this email, your password was compromised by another site, not AskYourTeam.

How do we check if your password has been compromised?

Your password is never shared and never leaves AskYourTeam. We use an industry-standard, third-party service called Have I Been Pwned? We begin by hashing your password and then check it against the Have I Been Pwned database using a secure method called k-anonymity.