Password policy: Difference between revisions
From Planfix
No edit summary |
No edit summary |
||
| Line 9: | Line 9: | ||
To configure the password policy, go to Account management — Account security — Password Policy. | To configure the password policy, go to Account management — Account security — Password Policy. | ||
==Key password requirements== | ==Key password requirements== | ||
Set by the account | Set by the primary account admin and dependent on system settings: | ||
*'''Minimum length''': | *'''Minimum length''': | ||
**Typically 8–12 characters, depending on configuration. | **Typically 8–12 characters, depending on configuration. | ||
| Line 17: | Line 17: | ||
**Special characters (e.g., ! @ # $ %) | **Special characters (e.g., ! @ # $ %) | ||
*'''Password expiration''': | *'''Password expiration''': | ||
**The account | **The primary account admin can set a validity period after which the user must create a new password—recommended change interval: every 90 days. | ||
*'''Lockout after failed attempts''': | |||
**If a user enters an incorrect password multiple times in a row, the system may temporarily block access to protect against brute-force attacks. Typically, after three failed attempts, access is blocked for 15 minutes. | |||
==Recommendations== | |||
Revision as of 12:46, 15 October 2025
A password policy is a set of rules that governs the creation and use of passwords in the system. It helps enhance account security and protect data from unauthorized access.
To configure the password policy, go to Account management — Account security — Password Policy.
Key password requirements
Set by the primary account admin and dependent on system settings:
- Minimum length:
- Typically 8–12 characters, depending on configuration.
- Required character types:
- Uppercase and lowercase letters
- Numbers
- Special characters (e.g., ! @ # $ %)
- Password expiration:
- The primary account admin can set a validity period after which the user must create a new password—recommended change interval: every 90 days.
- Lockout after failed attempts:
- If a user enters an incorrect password multiple times in a row, the system may temporarily block access to protect against brute-force attacks. Typically, after three failed attempts, access is blocked for 15 minutes.