You can set password requirements for your users, including the complexity of the passwords they create.
The standard complex password requirements are:
- Length of at least 8 characters
- At least 1 number
- At least 1 lowercase character
- At least 1 uppercase character
- At least 1 special character
Best Practices
We recommend the following for password expiration, length, and complexity:
- User account passwords should be changed at least every 180 days and should be a minimum of 8 alphanumeric characters.
- Administrator account passwords must be changed at least every 90 days and must be a minimum of 10 alphanumeric characters.
- Passwords cannot be any of the previous 4 passwords.
- Passwords should also contain three of the four following characteristics:
  - an uppercase character
  - a lowercase character
  - a number
  - a special character or symbol
Set Password Complexity
You must be a SPoC to set the password complexity for all applications.
Caution: Password requirements are system-wide, meaning this impacts users of the Platform, Portal, Check-In Suite, and all other applications. If needed, you can work with Support to change password requirements and complexity.
- Go to System Setup > Domains/Accounts.
- Click Edit Record.
- Make sure "Password Authentication Enabled" is set to Yes.
- For "Password Complexity Expression", enter the JSON format for the complexity you want.
  Example: The standard complex password JSON is: {"length":8,"digit":1,"lower":1,"upper":1,"special":1}
  Tip: JSON formatting is important. All rule names should be in double quotes, such as "length". All values should be numbers; no letters are accepted. Otherwise, an error will occur when attempting to set a password.
  Note: While we recommend using JSON, we do support Regular Expression (RegEx) format. If you use RegEx, then the oauth.passwordComplexity application label still applies.
- Click Save.
Password complexity requirements are displayed to users when they create or reset their password.
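Because a malformed expression only surfaces as an error when a user next tries to set a password, it helps to check the JSON before saving it. The following is an added example, not the product's own validation code: it parses a Password Complexity Expression, rejects the formatting mistakes the Tip describes, and reports which rules a candidate password fails. It assumes the five rule names in the standard example are the complete set, that values are whole numbers, and that "special" means any character that is not a letter or digit.

```python
import json

# Rule names taken from the page's standard example; treating these five as
# the complete set is an assumption of this sketch.
KNOWN_RULES = {"length", "digit", "lower", "upper", "special"}


def parse_complexity(expression):
    """Parse a Password Complexity Expression and reject malformed input early."""
    try:
        rules = json.loads(expression)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc.msg}") from exc
    if not isinstance(rules, dict):
        raise ValueError("expression must be a JSON object")
    for name, value in rules.items():
        if name not in KNOWN_RULES:
            raise ValueError(f"unknown rule name: {name!r}")
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            raise ValueError(f"rule {name!r} needs a whole number, got {value!r}")
    return rules


def unmet_rules(password, rules):
    """Return the names of the rules the password fails, in sorted order."""
    counts = {
        "length": len(password),
        "digit": sum(c.isdigit() for c in password),
        "lower": sum(c.islower() for c in password),
        "upper": sum(c.isupper() for c in password),
        # Assumption: "special" means any character that is not a letter or digit.
        "special": sum(not c.isalnum() for c in password),
    }
    return sorted(name for name, minimum in rules.items() if counts[name] < minimum)


STANDARD = '{"length":8,"digit":1,"lower":1,"upper":1,"special":1}'

if __name__ == "__main__":
    rules = parse_complexity(STANDARD)
    for candidate in ("Summer2024", "Tr1cky!pass"):  # constructed samples
        print(candidate, "->", unmet_rules(candidate, rules) or "meets policy")
    for bad in ("{length:8}", '{"length":"8"}'):  # the mistakes the Tip describes
        try:
            parse_complexity(bad)
        except ValueError as err:
            print(bad, "->", err)
```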