search

​How to Configure Password Policy

This document explains how to configure password and session policies for users in verified domains, and where to apply these settings in the admin panel.

circle-info

This tab is available only in company accounts.

You’re able to configure password and session policy for all users with verified domains in your account. You can make it more strict than default system configuration.

You can configure password and session policies for users in verified domains. You can make these rules stricter than the defaults.

  1. Verify at least one domain in the account. The policy applies only to users in verified domains.

  2. Open /admin/account-settings?activeTab=password-policy.

  3. Update the policy settings and save your changes.

The updated policy applies to users with emails in verified domains.

Password policy settings define what passwords are accepted for users in verified domains. To make the policy stricter, tighten the limits below.

  1. Minimum password length (min-length). Increase the value to require longer passwords.

  2. Maximum password length (max-length). Decrease the value to reduce the allowed maximum length.

  3. Require uppercase letters (uppercase). Increase the value to require more uppercase characters.

  4. Require lowercase letters (lowercase). Increase the value to require more lowercase characters.

  5. Require digits (digit). Increase the value to require more numeric characters.

  6. Require special characters (special character). Increase the value to require more special characters.

  7. Do not allow repetition (Don't allow repeat). If the limit is set to 3, 111 or aaa is not allowed. To make this stricter, reduce the allowed repeat limit.

  8. Allow spaces in the password. Disable it to disallow spaces.

  9. Do not allow forbidden passwords. Enable it to block weak passwords from the forbidden list.

  10. Do not allow forbidden words. Enable it to block passwords containing forbidden words.

  11. Enable password expiration (expiration-days). Decrease the value to force more frequent password changes.

  12. Send password expiration notifications (notify-before-days). Set how many days before expiration the user is notified.

  13. Do not allow password reuse for a period (prevent-reuse-months). Increase the value to extend the reuse restriction period.

  14. Do not allow reuse of recent passwords (prevent-reuse-count). Increase the value to block a larger number of previous passwords.

circle-info

When you increase character requirements, keep the total within the allowed password length. For example, uppercase + lowercase + digit + special character must not exceed max-length.

Previous​How to Add an SSO ProviderNext​How to Configure Session Policy

Last updated