What would you like to know more about?

Password Requirements

You can determine password requirements for your users, including the complexity of the password they create.

The required standard complex password has at least:

  • Eight characters.
  • One number.
  • One lowercase character.
  • One uppercase character.
  • One special character.

Best Practices

We recommend the following for password expiration, length, and complexity:

  • User account passwords should change at least every 180 days and be a minimum of eight alphanumeric characters.
  • Administrator account passwords should change at least every 90 days and be a minimum of ten alphanumeric characters.
  • Passwords should not be any of the previous four passwords.
  • Passwords should also contain three of the four following characteristics:
    • An uppercase character
    • A lowercase character
    • A number
    • A special character or symbol

Set Password Complexity

  • You must be a SPoC to set the password complexity for all applications.
CAUTION: Password requirements are system-wide, meaning this impacts users of the Platform, PocketPlatform, Check-In Suite, widgets, and all other applications. If needed, you can work with Support to change password requirements and complexity.
  1. In the navigation menu, click System Setup > Domains/Accounts.
  2. Click Edit Record.
  3. Make sure Password Authentication Enabled is set to Yes.
  4. For Password Complexity Expression, enter the JSON format for the complexity you want.

    The standard complex password JSON is: {"length":8,"digit":1,"lower":1,"upper":1,"special":1}

    Tip: JSON formatting is important. All rule names should be in double quotes, such as "length". All values should be numbers; no letters are accepted. Otherwise, an error occurs when you attempt to set a password.
    Note: While we recommend using JSON, we do support Regular Expression (RegEx) format. If you use RegEx, then the oauth.passwordComplexity application label still applies.
  5. Click Save.

Password complexity requirements display to the user when they create or reset their password.