# How to Configure Password Policy

{% hint style="info" %}
This tab is available only in company accounts.
{% endhint %}

You can configure the password policy, login authentication policy, and session policy for all users with verified domains in your account. You can make these rules stricter than the default system configuration.

**To do so:**

1. Verify at least one domain in the account.
   * The policy applies only to users in verified domains.
2. Open the admin panel → Password policy tab.
3. Update the policy settings and save your changes.

The updated policy applies to users with emails in verified domains.

### Login authentication policy

#### Company Account

<figure><img src="/files/nbqv6GLuFkjBsmedH8xi" alt=""><figcaption></figcaption></figure>

* **Enforce Multi-Factor Authentication (MFA)** — Based on the risk factor, the system decides when to send a one-time password email at login.
* **Enforce SSO** — This disables standard password authentication. Password login remains active as a fallback only if SSO is not configured.

#### Personal Account

<figure><img src="/files/6Y7Q0AuXE0ooz5hwLgzU" alt=""><figcaption></figcaption></figure>

**Enforce Multi-Factor Authentication (MFA)** — Based on the risk factor, the system decides when to send a one-time password email at login.

{% columns %}
{% column %}
After enabling multi-factor authentication, the login process includes an additional verification step to enhance account security:

1. Open the authorization page and enter your email and password.
   * The **Enter Code** page will open automatically.
2. Check your mailbox for the **One-Time Password** email.
3. Copy the code, paste it, and confirm.
   {% endcolumn %}

{% column %}

<figure><img src="/files/WDfcnK4YpnsHDQXw0Ak5" alt=""><figcaption></figcaption></figure>
{% endcolumn %}
{% endcolumns %}

{% hint style="info" %}
This checkbox may be selected and disabled if the user is a corporate user and the administrator of their corporate account has enforced MFA.
{% endhint %}

### Password policy settings

Password settings define what passwords are accepted for users in verified domains. To make the policy stricter, tighten the limits below.

1. **Minimum password length** (`min-length`). Increase the value to require longer passwords.
2. **Maximum password length** (`max-length`). Decrease the value to reduce the allowed maximum length.
3. **Require uppercase letters** (`uppercase`). Increase the value to require more uppercase characters.
4. **Require lowercase letters** (`lowercase`). Increase the value to require more lowercase characters.
5. **Require digits** (`digit`). Increase the value to require more numeric characters.
6. **Require special characters** (`special character`). Increase the value to require more special characters.
7. **Do not allow repetition** (**Don't allow repeat**). If the limit is set to `3`, `111` or `aaa` is not allowed. To make this stricter, reduce the allowed repeat limit.
8. **Allow spaces in the password**. Disable it to disallow spaces.
9. **Do not allow forbidden passwords**. Enable it to block weak passwords from the forbidden list.
10. **Do not allow forbidden words**. Enable it to block passwords containing forbidden words.
11. **Enable password expiration** (`expiration-days`). Decrease the value to force more frequent password changes.
12. **Send password expiration notifications** (`notify-before-days`). Set how many days before expiration the user is notified.
13. **Do not allow password reuse for a period** (`prevent-reuse-months`). Increase the value to extend the reuse restriction period.
14. **Do not allow reuse of recent passwords** (`prevent-reuse-count`). Increase the value to block a larger number of previous passwords.

{% hint style="info" %}
When you increase character requirements, keep the total within the allowed password length. For example, `uppercase + lowercase + digit + special character` must not exceed `max-length`.
{% endhint %}
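The sketch below is an added example, not DocStudio code: it checks that a policy can be satisfied at all (the rule in the hint above) and evaluates candidate passwords against the length, character-class, repeat and space settings. The sample policy values, the `repeat-limit` and `allow-spaces` key names, and the definition of a special character are assumptions made for illustration.

```python
import re

# Constructed sample policy; keys follow the setting names on this page.
POLICY = {
    "min-length": 12, "max-length": 64,
    "uppercase": 1, "lowercase": 1, "digit": 1, "special character": 1,
    "repeat-limit": 3,      # hypothetical key for "Don't allow repeat"
    "allow-spaces": False,  # hypothetical key for "Allow spaces in the password"
}
CLASSES = {
    "uppercase": str.isupper,
    "lowercase": str.islower,
    "digit": str.isdigit,
    # Assumption: "special" means not a letter, digit or whitespace.
    "special character": lambda c: not c.isalnum() and not c.isspace(),
}

def policy_errors(policy):
    """Return reasons the policy itself cannot be satisfied."""
    errors = []
    required = sum(policy[name] for name in CLASSES)
    if policy["min-length"] > policy["max-length"]:
        errors.append("min-length exceeds max-length")
    if required > policy["max-length"]:
        errors.append(f"character requirements ({required}) exceed max-length")
    return errors

def password_errors(password, policy):
    """Return the list of rules the password violates (empty = accepted)."""
    errors = []
    if len(password) < policy["min-length"]:
        errors.append("min-length")
    if len(password) > policy["max-length"]:
        errors.append("max-length")
    for name, is_member in CLASSES.items():
        if sum(1 for c in password if is_member(c)) < policy[name]:
            errors.append(name)
    # Limit 3 rejects runs such as "111" or "aaa": one char plus 2 copies.
    limit = policy["repeat-limit"]
    if limit > 1 and re.search(r"(.)\1{%d,}" % (limit - 1), password, re.S):
        errors.append("repeat")
    if not policy["allow-spaces"] and " " in password:
        errors.append("spaces")
    return errors
```

Running `policy_errors` on a draft policy before saving it catches combinations no password can meet; forbidden-list, expiration and reuse settings are outside this sketch.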

