Configure a Password Policy



Meet security requirements for the protection of sensitive data by easily setting and enforcing a password policy for your team.  Implement a password policy to guide users in how to create secure passwords.


Set a Password Policy

Keep up best practices for security with ProntoForms' configurable password policy.  Provide users with requirements for passwords such as password length and special characters, and prohibit the use of easily-guessed phrases, such as a user's login name.

  1. Log into the ProntoForms web portal as a ProntoAdmin, and enter Team Settings.  


  2. Go the Security tab.

  3. Beside the Password policy header, select Change Policy.

  4. There are several options available, as shown in the following example:


    • Passwords must have at least:
      • Total characters: Specify the minimum length a password must be. By default, no password can be less than 8 characters, or more than 256. 

      • Lowercase characters: Specify how many lowercase characters (a - z) a password must contain. 

      • Uppercase characters: Specify how many uppercase characters (A - Z) a password must contain. 

      • Numbers: Specify how many numbers a password must contain.

      • Special characters: Specify how many special characters (e.g. ! & *) a password must contain. 

    • Passwords cannot contain:
      • Username: Cannot contain the user's ProntoForms username. 
      • Spaces: Cannot contain spaces (ie. "pass word").

      • Keyboard sequences: A sequence of letters found on a keyboard (ie. "qwerty", "asdfg").

      • Alphabet sequences: Letters in the order they are found in the roman alphabet (ie. "abcd", "wxyz"). 

      • Number sequences: Numbers in order from small to large, or large to small (ie. "1234", "9876").

      • Repeated characters: Numbers, letters, or special characters repeated (ie. "aaa", "444", "!!!"). 

      • Any of the previous number of passwords: Passwords can only be used once every number of password resets.

    • Password Expiry:
      • Passwords expire after: Set how long a password can be used for before a password update is forced by dragging the slider.  The following are valid: 2 weeks; 1, 2, 3, 4, or 8 months; 1, 2 or 4 years; or never.

      • Please note: password expiry uses the date the user last changed their password to calculate when the password must be changed, not the date when the password expiry policy was enabled. 
  5. Hit Update to save the new password policy. 

  6. Users will be informed of password requirements when they attempt to change their password.

Note: There are two additional options available in the Security tab under the Password Policy header:

  • Expire All Passwords: Force all users to create a new password that conforms to the password requirements by making their current password invalid.  Users will be prompted upon login to change their password.

  • Reset: Revert the password policy to default (8 characters). 


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


  • Avatar
    Richard Hammond

    I would like to set a 90 day password expiry (a common frequency) the password expiry is a sliding bar that only allows 1,2,4,8 months, I would like 3 months as would most who would configure this. Please can we update so 3 months is a selectable option.  

  • Avatar
    Karen Cann

    You can set the password expiry to three months, as shown in the example.