Password policy
From Planfix
A password policy is a set of rules that governs the creation and use of passwords in the system. It helps enhance account security and protect data from unauthorized access.
To configure the password policy, go to Account management — Account security — Password Policy.
Key password requirements
Set by the primary account admin and dependent on system settings:
- Minimum length:
- Typically 8–12 characters, depending on configuration.
- Required character types:
- Uppercase and lowercase letters
- Numbers
- Special characters (e.g., ! @ # $ %)
- Password expiration:
- The primary account admin can set a validity period after which the user must create a new password—recommended change interval: every 90 days.
- Lockout after failed attempts:
- If a user enters an incorrect password multiple times in a row, the system may temporarily block access to protect against brute-force attacks. Typically, after three failed attempts, access is blocked for 15 minutes.
Recommendations
- Do not use passwords that match your username or are easy to guess (e.g., 12345678, qwerty, password).
- Avoid reusing the same password across different services.
- Store passwords in password managers rather than in text files.
- Do not share passwords with colleagues.
- Enable two-factor authentication.