Password policy

Passwords are the first line of defense for most accounts, so it's essential to secure those accounts with strong, unique passwords. We recommend that you define a strong password policy for your organization and require all users to follow the password constraints specified in it. You can allow your users to generate secure passwords for their accounts based on the organization's password policy. Access Password policy from the Password management section of the Settings tab, then do one of the following:


  • Enable a default policy
  • Create a new policy


Enabling a default policy

You can enable any one of the three default policies defined in Zoho Vault.


Simple
This policy contains fewer restrictions, and should be used sparingly, for storing test accounts and internal non-critical accounts. We do not recommend this policy for storing sensitive credentials.

Moderate
This policy contains moderate restrictions that require users to have mixed case and numbers in their passwords.

Strong (Recommended)

The strong password policy contains extensive restrictions on the minimum password length, and requires users to create passwords that contain mixed characters, numerals, and special characters.


Note: By default, all these policies have a password validity of 60 days. Users will be alerted to recycle their passwords after this period. This is just an alert that helps users stay compliant with your organization's security policies. Their passwords will remain intact in Zoho Vault even after the validity expires. 


Here's a detailed list of all constraints associated with the default policies:



| Policy name | Min length | Max length | Password validity | Mandatory password constraints |
|---|---|---|---|---|
| Simple | 4 | 8 | 60 days | Must contain a number |
| Moderate | 6 | 8 | 60 days | Must start with a letter; must contain mixed case; must contain a number |
| Strong | 8 | 14 | 60 days | Must start with a letter; must contain mixed case; must contain a number; must contain a special character |


Note: The default policies cannot be edited or deleted in Zoho Vault.


Creating a custom password policy

Create a password policy with your own constraints to match your company's security policies.

  1. Select Password policy under the Password management section of the Settings tab, then click Add.
  2. Enter the policy name, and the minimum and maximum password length. Specify one of the following password constraints:
       • Must start with a letter
       • Must include mixed cases
       • Must contain numbers or special characters
       • Number of special characters required
       • Characters that are not allowed
       • Password validity
  3. Click Save.
