Managing Password Policies

If you are a System Administrator you can set your organization's password policies from Admin > Configuration > Password Policies.

You can use the system defaults:

System Default set rules for:

• Minimum length

• Types of characters

• Expiry period

• times an incorrect password can be set before login the user will need to reset their password

Or you can set custom policies for:

• Minimum length

• Expiry period

• Number of times an incorrect password can be tried before the user will need to reset their password

When you create a user login, the user will be asked to reset their password when they login.

Guidance on passwords:

• Longer passwords are more secure

• Password should be a mix of uppercase, lowercase, numbers, and symbols

• Password should be different from the passwords you use to log into other accounts, like your email or bank account

• Use a password manager to generate long/random passwords

• Do not use common dictionary words or phrases. Be creative and thoughtful with your password choice - it adds an extra layer of security to your account from the start

• Your password should not be your email, phone number or birthday

• Avoid using common words, like “Password”

Maximum length

Please note that password by default has a maximum length of 20 characters.

From the same page, if you want to automatically send reminders to users when their passwords are due to expire, from Send reminder emails to users when their passwords are due to expire? select Yes.

Users will then receive emails 7 days and 1 day before their passwords are due to expire.

From the email they click on Reset your password and they will be asked to set a new password.