Password policy
Passwords are the first line of defense for most accounts, and it's essential to secure them with strong, unique passwords. We recommend that you define a strong password policy for your organization and enforce all users to follow the password constraints specified in it. You can allow your users to generate secure passwords for their accounts based on the organization's password policy. Access Password policy from the Password management section of the Settings tab, then do one of the following
- Enable a default policy
- Create a new policy
Enabling a default policy
You can enable any one of the three default policies defined in Zoho Vault.
Simple
This policy contains less restrictions, and should be used sparingly for storing test accounts and internal non-critical accounts. We do not recommend this policy for storing sensitive credentials.
Moderate
This policy contains moderate restrictions that enforce users to have mixed case and numbers in their password.
Strong (Recommended)
The strong password policy contains extensive restrictions on the minimum password length, and enforces users to create passwords that contain mixed characters, numerals, and special characters.
Here's a detailed list of all constraints associated with the default policies:
Policies Name | Min Length | Max Length | Password Validity | Mandatory password constrains |
Simple | 4 | 8 | 60days |
|
Moderate | 6 | 8 | 60days |
|
Strong | 8 | 14 | 60days |
|
Note: The default policies cannot be edited or deleted in Zoho Vault.Creating a custom password policy
Create a password policy with your own constraints to match your company's security policies.- Select Password policy under the Password management section of the Settings tab, then click Add
- Enter the policy name, and the minimum and maximum password length. Specify one of the following password constraints:
- Must start with a letter
- Must include mixed cases
- Must contain numbers or special characters
- Number of special characters required
- Characters that are not allowed
- Password validity
- Click Save.
Related Articles
Configure password policy
Passwords are the most commonly used authentication factor. Many users reuse the same, insecure password for all their online accounts, compromising their organization's security. To protect yourself from this common pitfall, make it mandatory for ...Can I configure a Password Policy for the users in my organization?
You can configure a password policy for the users in your organization. The Password policy can include one or many of the below: Password expiration period, Password History, Combination of Alphabets, Numbers and Special characters. Refer here for ...Reorder policy priority
Since multiple policies can be added to a group, policy priority plays an important part in deciding which policies will be applied to a user. Let's look at an example to understand policy priority. The group "Weekend Shift" has four members: Amelia, ...Password Reset Alerts
(Available in Standard, Professional, and Enterprise Editions) Periodical recycling of enterprise passwords can be an important security policy within your organization. Zoho Vault helps you streamline and simplify this process with password reset ...Can I enforce Password expiry for my domain users?
You can configure a password policy for the users in your organization. The Password policy can include one or many of the below: Password expiration period, Password History, Combination of Alphabets, Numbers and Special characters. Refer here for ...