Password Requirements
You can determine password requirements for your users, including the complexity of the password they create.
The required standard complex password has at least:
- Eight characters.
- One number.
- One lowercase character.
- One uppercase character.
- One special character.
Best Practices
We recommend the following for password expiration, length, and complexity:
- User account passwords should change at least every 180 days and be a minimum of eight alphanumeric characters.
- Administrator account passwords should change at least every 90 days and be a minimum of ten alphanumeric characters.
- Passwords should not be any of the previous four passwords.
- Passwords should also contain three of the four following characteristics:
- An uppercase character
- A lowercase character
- A number
- A special character or symbol
Set Password Complexity
- You must be a SPoC to set the password complexity for all applications.
Password complexity requirements display to the user when they create or reset their password.