A E S Direct - True Innovation In Export Automation

Home

Press enter to skip left navigation bar
Log In
AESDirect
Certification Quizzes

Account Set-up & Management
Register New Account
Registration Help
Re-Activate an Account
Terms & Conditions
Privacy Policy
Privacy Act Statement
Account Administration

Vendor Account Set-up
Developers Center
Register Vendor Account

Training
User Guides
Sample Shipments
Online Training
Workshops
AES Compliance

Using AESDirect
Who to Contact
Support Center
Browser Support
Developers Center
News

AESPcLink
About AESPcLink
Getting Started
Terms & Conditions

AESDirect VPN
About AESDirect VPN
Set up AESDirect VPN

Related Sites
Government Sites
Partner Sites

A E S Direct Support Center

AESDirect Account Rules
[Support Center Home]

Username Rules

Each User in AESDirect should have their own Username. To clearly identify each User and to provide equal access to all users, strict rules are in place for the creation of Usernames.

Unique - All AESDirect usernames must be unique across the AESDirect system, even between different companies. For example, Company ABC creates username 'JohnDoe.' Company XYZ cannot also create a 'JohnDoe.' They may, however, create a version of this username, such as 'JohnDoe123' if available.

Complex - Usernames must be alpha-numeric and between 3 and 25 characters long

Usernames are Not Case Sensitive

One Life Only - Once a username is created, it is permanently assigned to the company that created it, even if the user moves to a new company.

Password Rules

As with Usernames, AESDirect Password Rules are strictly enforced, in this case, to maximize security. Common words and phrases are not acceptable.

Complex - All passwords must be at least 12 characters long and contain characters from 3 of the following 4 groups:

  • Lowercase letters
  • Uppercase letters
  • Numbers
  • Non-alphanumeric characters (¡ # $ %);

At least 6 of those characters may occur only once in the password

Unique - Passwords cannot contain any familiar words or sequential character strings. They must also vary significantly each time they are reset.

  • Passwords cannot contain any string that is also contained in the username
  • Passwords cannot contain any dictionary words
  • Passwords cannot contain any common strings such as
    • A sequential series of letters (e.g. abcd)
    • A sequential series of numbers (e.g. 1234) or pattern of numbers (e.g. 2468)
  • Password must be unique for 4 years
  • Passwords must be unique within the last 24 passwords

Temporal - Passwords on standard User accounts will expire every 60 days. Each new Password must meet the above parameters. You will be notified each time you login of the number of days remaining until your password expires.

Passwords cannot be changed more than once per day.

Session Rules

Every time you log in to AESDirect, a timer is activated. This timer serves both as a session regulator and an activity counter. To improve security, User Accounts may only be inactive for a finite amount of time, whether for an individual session, or the accounts lifespan.

Account Inactivity

  • Users will be deactivated if they have not logged in for 30 days
  • E-mail warnings will be delivered to the User once a day after 25 days of inactivity. The E-Mail will remind of the need to change their password and direct them to the appropriate resources.
  • Once deactivated, the Account Administrator or User Manager will need to reactivate the User

Session Timeout

  • All AESDirect User sessions will time-out after 15 minutes of inactivity.
    A pop-up will notify a User 5 minutes before time-out.
  • Actions, such as opening a window or moving from one page to another, will reset the 15 minute timer
  • Once inactive for more than 15 minutes, the User will be forced to log in again. All data will be lost

Concurrent Sessions

  • Each Username can be used for up to 5 simultaneous sessions. That is, a user can login to 5 different computers, or 5 different types of web browsers on one machine, at the same time.
  • The 6th session attempt will fail. The attempt will be logged.

Lockout

  • Users are permitted 5 attempts to login to their account
  • After 5 consecutive, invalid login attempts within 15 minutes the user will be locked out
  • Locked out User must be reactivated by the Account Administrator, only 15 minutes after the final failed login attempt

U.S. Census Bureau Foreign Trade Logo U.S. Department of Commerce

[top of page]