Account security

My ePay Window is a highly secure website and service:

  • All traffic to and from My ePay Window is sent via Https encryption

  • My ePay Windowhas a security certificate issued from top level provider; Verisign.

  • The Portal is secured behind firewalls and subject to weekly and annual 3rd party security tests.

  • Portal data and documents (where applicable) are encrypted at rest using TDE, AES128.

  • All actions carried out on the Portal are audited and traceable to individual user accounts.

  • Passwords must be 8 characters in length and contain 1 upper case, 1 lower case, 1 number and 1 special character.

  • When the password is saved to the database it is not saved in a text format but is encrypted using hashing and therefore is unreadable.

  • Five successive attempts to login with illegal credentials will lock the user out for 1 hour before allowing another login attempt.

  • We will automatically log users out after 5 minutes of inactivity in order to minimise the possibility of sensitive data being viewed on unattended devices.

To enhance your security, you may choose to apply an advanced level of authentication. 2 forms of optional user security can be used in addition to the username and password:

  • 2 step authentication (2SA): You create a memorable pass phrase in addition to your password. When you log in you are asked to enter 2 random characters from this pass phrase.
  • 2 factor authentication (2FA): You link your account to a smartphone Authenticator App. When you log in you are asked to enter the code generated by the app.

To use 2 factor authentication you must have downloaded a smartphone authenticator app. Microdoft Authenticator Android | iPhone or Google Authenticate Android | iPhone.

My ePay Window security overview
A video overview of account security.

Your employer or payroll department may choose to enforce additional security on your account. If not, you can elect to use 2SA or 2FA on your account from My Settings.
If you enter the incorrect information 3 times the account will be locked. Accounts will unlock after an hour. Alternatively, contact your payroll department to unlock the account.