DutyMan Password Policy

Nobody really likes passwords and some people don't enjoy doing duties either! That’s why DutyMan's policy is to keep the barriers to logging in as low as possible in order not to discourage people from using DutyMan.

This means that

• Quick Login links mean that members don't need to log in at all. They can store the link as a browser shortcut/favourite and access DutyMan with one click.
• Members can login without a password. Instead they receive an email sent to their registered address. The email contains a time-limited link that logs them into DutyMan.
• Members can set their own passwords to omit the email loop. All passwords within DutyMan are securely one-way encrypted.

DutyMan's view is that this policy is commensurate with the value of the basic data held in the DutyMan database. However, if a club wishes to implement a level of security on top of DutyMan's it can do so using the technique described in Implementing your own security.

Administrator Login

In addition to logging in with name and password, DutyMan administrators may also login by email to a registered address. A One Time Password and a Captcha are used to verify that the recipient of the email is the person logging in.

Multi Factor Authentication

When MFA is enabled, DutyMan administrators must login with name and password and they are also emailed a login link verified by a One Time Password.