Configure a Password Policy

 

About

Meet security requirements for the protection of sensitive data by easily setting and enforcing a password policy for your team.  Implement a password policy to guide users in how to create secure passwords.

 

Set a Password Policy

Keep up best practices for security with ProntoForms' configurable password policy.  Provide users with requirements for passwords such as character length and special characters, and prohibit the use of easily-guessed phrases, such as a user's login name.

  1. Log into the ProntoForms web portal as a ProntoAdmin, and enter Team Settings.  

     

    1._team_settings.png

     

  2. In the Security tab under the Password Policy header, select Update.


    2016-01-11-PassPoliHead.png

  3. There are three categories of password policy available: 


    2015-08-25_11_28_16-Mobile_Forms_Made_Easy_-_Password_Policy.png

    • Passwords must have at least...

      • Total characters: Specify the minimum length a password must be. By default, no password can be less than 8 characters, or more than 256. 

      • Lowercase characters: Specify how many lowercase characters (a - z) a password must contain. 

      • Uppercase characters: Specify how many uppercase characters (A - Z) a password must contain. 

      • Numbers: Specify how many numbers a password must contain. By default, all passwords must contain at least one number. 

      • Special characters: Specify how many special characters (e.g. ! & *) a password must contain. 

    • Passwords cannot contain...

      • Username: A user cannot use their username as part of their password (ie. JohnS's password cannot be "JohnSPswrd"). 

      • Spaces: Cannot contain spaces (ie. "pass word").

      • Keyboard sequences: A sequence of letters found on a keyboard (ie. "qwerty", "asdfg").

      • Alphabet sequences: Letters in the order they are found in the roman alphabet (ie. "abcd", "wxyz"). 

      • Number sequences: Numbers in order from small to large, or large to small (ie. "1234", "9876").

      • Repeated characters: Numbers, letters, or special characters repeated (ie. "aaa", "444", "!!!"). 

      • Any of the previous number of passwords: Passwords can only be used once every number of password resets.

    • Password Expiry:

      • Passwords expire after: Set how long a password can be used for before a password update is forced by dragging the slider.  The following are valid: 2 weeks; 1, 2, 3, 4, or 8 months; 1, 2 or 4 years; or never.


        Password_Expiry_3.png
  4. Hit Update to save the new password policy. 

  5. Users will be informed of password requirements when they attempt to change their password.

     

    End_User_Password_Must_Have.....png

 

Note: There are two additional options available in the Security tab under the Password Policy header:

2016-01-11-PassPoliHead.png

 

  • Expire All Passwords: Force all users to create a new password that conforms to the password requirements by making their current password invalid.  Users will be prompted upon login to change their password.

  • Reset: Revert the password policy to default (8 characters, 1 number). 

[top]

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Richard Hammond

    I would like to set a 90 day password expiry (a common frequency) the password expiry is a sliding bar that only allows 1,2,4,8 months, I would like 3 months as would most who would configure this. Please can we update so 3 months is a selectable option.