Technical configurations for citizen portals
Request received 8 December 2025
This request is made under the Freedom of Information Act 2000 and relates only to citizen-facing online services (for example, housing portals, council tax accounts, or benefits portals). It does not concern internal staff systems or administrative tools. The research does involve information on detailed technical configurations for public-facing web portals. Please provide the following information/documents:
1. A copy of (or extract from) your current policy that governs user authentication for citizen-facing online services.
2. The specific password rules that apply when citizens create an account or perform a password reset. For example, password character minimum and maximum limits, special character enforcement.
3. Whether MFA is offered or required for citizen-facing services, and, if so, what types are supported (e.g. SMS, email, or authenticator app).
4. A brief description or document outlining how password resets or account recovery are handled for public users (e.g. email verification, security questions, or other processes).
5. The date these policies were last reviewed or updated, and whether the policies align with any national or international guidance (e.g. NCSC, NIST SP 800-63, or ISO 27001).
Responded 30 December 2025
East Cambridgeshire District Council Self-Serve Portal
1. Information Not Held
2. Password: special characters are optional (allowed characters: !, @, $, ^, _, *, ~), and must contain at least one lowercase letter, one number. The password must be at least 9 characters.
3. No
4. Email / Phone Number / Address verification. We then send them an email, and they need to click the link in the email to reset their password.
5. Reviewed annually