Setting password complexity and expiry rules
You can set rules that users using must follow when they create passwords in your system. Requiring longer, more complex passwords improves system security.
If you change password settings, the new settings will take effect the next time a password is changed, either by the administrator or the employee.
To set password rules:
- Go to Administration > System and Security > Security Settings.
- Complete the fields in the Passwords section of the page.
- Click Save.
About the fields
Field name | This field… |
|---|---|
| Must Contain a Mix of Letters and Numbers | Requires users to include at least one letter and at least one number in each password |
| Must Contain Special Characters (punctuation, etc) | Requires users to include at least one special character in each password. Special characters include punctuation and characters such as #, $, and ~. |
| Must Contain Upper and Lower Case Characters | Requires users to include at least one upper case letter and at least one lower case letter in each password |
| Must Have Strength Rating of at Least Good | Requires any newly-created or changed passwords to meet or exceed the strength rating of 'Good'. This rating is based on a Polaris algorithm, not the other password requirements you select. |
| Minimum Length | Defines the minimum number of characters each password must include |
| Expiry Period | Specifies when passwords expire – either Monthly, 60 days, Quarterly, Semi-annually, Yearly, or never If, for example, you select monthly expiry, passwords expire:
|
Related links
Setting user sessions to automatically time out
Setting up multi factor authentication (MFA)
Setting up account lockout