As of February 15th 2019, new password requirements will be enforced for all users. Please note the following changes:
- Users can now change passwords after a predefined interval. The default interval is 90 days, but this interval can be configurable by the account owner. If the default interval is not configured to a specified interval (min = 30 days, max = 365 days), then the first time any user will be required to change his/her password will be on the 91st day. This password change interval is enforced from date any user changes his/her password.
- The option is also available to set the Password Expiration duration to Never, in which case the users will not be prompted to reset their password.
- If the administrator resets a user password, the user will be forced to change the password on the next login attempt.
Users are not allowed to reuse any of their previous 5 passwords. Account Owners now have a new setting to manage password re-use, and can specify the minimum and maximum re-use limits (min = 3, max = 10).
Strong Password Requirement:
Strong passwords are enforced for all users. If a user’s password currently does not meet the minimum security standard for strong passwords (1 upper case, 1 lower case, 1 number, 1 special character, minimum 8 total characters), then that user will be required to meet these password security settings the next time the user updates his/her password.
Configurable Login Settings available to the Account Owner:
The following configurable login settings are available to the account owner in the
Account Profile -> Login Settings: