If you are a System Administrator you can set your organization's password policies from Admin > Configuration > Password Policies.

You can use the system defaults:

System Default set rules for:

  • Minimum length

  • Types of characters

  • Expiry period

  • times an incorrect password can be set before login the user will need to reset their password

Or you can set custom policies for:

  • Minimum length

  • Expiry period

  • Number of times an incorrect password can be tried before the user will need to reset their password

When you create a user login, the user will be asked to reset their password when they login.

Guidance on passwords:

  • Longer passwords are more secure

  • Password should be a mix of uppercase, lowercase, numbers, and symbols

  • Password should be different from the passwords you use to log into other accounts, like your email or bank account

  • Use a password manager to generate long/random passwords

  • Do not use common dictionary words or phrases. Be creative and thoughtful with your password choice - it adds an extra layer of security to your account from the start

  • Your password should not be your email, phone number or birthday

  • Avoid using common words, like “Password”