A strong password policy plays a vital role when it comes to the security of your portal. Make sure that your users only set up strong and secure passwords. Require users to reset their password after a certain period of time without allowing them to reuse an old one. Don't take the risk of having a weak password policy and read more about the steps you can take below.
Jump straight to:
- Password Requirements
- Enable stronger passwords
- Inform users of the password policy
- Prevent users from reusing passwords
- Mandatory password reset
Password Requirements
By default, Bynder passwords require at least 6 characters, but you can increase the minimum number of characters that a password needs to contain. For example, if you’d like to set it to 14, users will be required to set up a password with at least 14 characters.
You can also make additional requirements, such as that the password contains a lowercase letter, uppercase letter, number, and/or special character (i.e. @,#,!,&,%,$).
Each of these requirements can be specified by you, so for example, you can require that the password be 14 characters long, with at least one lowercase letter, one uppercase letter, and one number, but no special characters.
Contact your Customer Success Manager with the specific characters that you’d like to require.
Enable stronger passwords
You can force users to create stronger passwords for their accounts. Then, whenever a user tries to change their password and provides one that is too weak, an error message displays.
When the stronger password policy is enabled, the password needs to meet the following requirements:
- The password must be at least 8 characters long.
- All-numeric or all-alphabetical groups are not allowed (e.g., kkkkkkkk, 5555555).
- Consecutive identical numeric and alphabetical characters are not allowed (e.g., 9876543, HIJKLMNO).
- The password must be a combination of uppercase alphabet characters, lowercase alphabet characters, numeric characters, and special characters.
- The password cannot contain any part of the username, first name, last name, or the first part of the email address.
- The password cannot be a previously used password.
- Reversing the sequence of an old password is not allowed (e.g. Hello! to !olleH).
- Substituting only a single character in the old password is not allowed (e.g. Hello123! to Hello122!).
Contact your Customer Success Manager for information and help with the setup.
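The stronger-policy rules listed above, written out as a checker that compares the new password with the current one supplied during a password change. This is an added example, not Bynder's code: the run length of 4, the 3-character reading of "any part", and all names are assumptions, and older previously used passwords are not covered here.

```python
import string

RUN_LEN = 4    # assumption: flag runs of 4+ repeated or sequential characters
PART_LEN = 3   # assumption: "any part" of a name means 3+ consecutive characters

def has_run(pw, n=RUN_LEN):
    """True if n consecutive characters repeat (kkkk) or step by one (6543, HIJK)."""
    for step in (0, 1, -1):
        count = 1
        for a, b in zip(pw, pw[1:]):
            in_run = a.isalnum() and b.isalnum() and ord(b) - ord(a) == step
            count = count + 1 if in_run else 1
            if count >= n:
                return True
    return False

def contains_identity(pw, username, first, last, email):
    """True if the password contains a PART_LEN-character piece of an identity field."""
    low = pw.lower()
    for field in (username, first, last, email.split("@")[0]):
        f = field.lower()
        if any(f[i:i + PART_LEN] in low for i in range(len(f) - PART_LEN + 1)):
            return True
    return False

def violations(pw, current_pw, username, first, last, email):
    """Return the names of the stronger-policy rules that the new password breaks."""
    v = []
    if len(pw) < 8:
        v.append("length")
    if pw.isdigit() or pw.isalpha():
        v.append("single-class")
    if has_run(pw):
        v.append("run")
    classes = (str.isupper, str.islower, str.isdigit, lambda c: c in string.punctuation)
    if not all(any(test(c) for c in pw) for test in classes):
        v.append("mix")
    if contains_identity(pw, username, first, last, email):
        v.append("identity")
    if pw == current_pw:
        v.append("reuse")
    if pw == current_pw[::-1]:
        v.append("reversed")
    if len(pw) == len(current_pw) and sum(a != b for a, b in zip(pw, current_pw)) == 1:
        v.append("one-char-change")
    return v
```

The reversed and one-character checks need the plaintext of the old password, which is only available while the user is entering it in the change form.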
Inform users of the password policy
Users will see an error message when the password that they're trying to set doesn't meet the requirements. If you've set up a minimum character requirement or implemented any other requirements, you can inform them about the policy by customizing this message.
Contact your Customer Success Manager with the message that users should see if their password doesn’t meet the requirements.
Prevent users from reusing passwords
Users who have specific restrictions regarding changing and creating new user passwords might benefit from the password-policy user setting. If this setting is enabled, the system checks the specified number of previous passwords to see if the same password has been used before. If the password a user is trying to save matches any of the previous passwords, the user is asked to choose a different password.
For help with the setup, contact your Bynder Customer Success Manager with the number of previous passwords the system should check.
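A sketch of how a check against a set number of previous passwords can work without keeping old passwords in plaintext. This is an added example, not Bynder's implementation; the class name, the scrypt parameters, and the choice to count the current password as one of the checked passwords are assumptions.

```python
import hashlib
import hmac
import os

def kdf(password, salt):
    # scrypt is a memory-hard KDF in the standard library; parameters are illustrative
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

class PasswordHistory:
    def __init__(self, depth):
        self.depth = depth      # number of previous passwords to check
        self.entries = []       # newest first: (salt, digest) pairs, never plaintext

    def was_used(self, candidate):
        """Hash the candidate with each stored salt and compare in constant time."""
        return any(hmac.compare_digest(kdf(candidate, salt), digest)
                   for salt, digest in self.entries[:self.depth])

    def set_password(self, candidate):
        """Reject a password found in the history window, otherwise record it."""
        if self.was_used(candidate):
            return False
        salt = os.urandom(16)
        self.entries.insert(0, (salt, kdf(candidate, salt)))
        del self.entries[self.depth:]   # forget hashes older than the window
        return True
```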
Mandatory password reset
Do you want to make it mandatory for your users to periodically update their password for safety reasons? We can help you set up a policy that requires users to reset their password after a certain period of time. When they log in for the first time after the password expires, users will be required to change their password.
The mandatory password reset mechanism only checks for users who have a password set up for their Bynder account. This means that SSO-only users are excluded from the mandatory password reset, since they don't have any password set up for their account.
Enabling this feature could potentially mean that a large number of your users immediately have to reset their password. Find out below how the password reset date is determined.
How is the mandatory password reset date determined?
The mandatory password reset date can be calculated in two ways.
- User creation date:
  If a user has never reset their password before, the date the user account was created will be taken as the starting point. The time frame set up for the mandatory password reset will be added to this starting point. If the configured time frame has already passed, the user will be forced to reset the password immediately upon the first login. If not, they will be asked to reset their password the moment the chosen time frame has expired. From this moment on, the most recent password reset date will determine the next mandatory password reset date.
  Enabling this feature could potentially mean that a large number of your existing users immediately have to reset their password.
- Previous password reset:
  If a user has reset the password before, this date will be taken as the starting point. The time period you indicate for a mandatory password reset will be added to this starting point. When this period has passed, the user will be forced to reset the password. If the period has already passed, they will be immediately asked to reset the password upon the first login. From this moment on, the most recent password reset date will determine the next mandatory password reset date.
Contact your Customer Success Manager and specify after what period of time the password should expire.
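To estimate how many users would have to reset immediately for a given period, the two starting-point rules above can be applied to a list of accounts. This is an added example, not a Bynder tool; the field names and sample accounts are constructed, and treating a due date equal to the enable date as already expired is an assumption.

```python
from datetime import date, timedelta

def reset_due(created, last_reset, period_days):
    """Starting point is the last password reset if there is one, else account creation."""
    start = last_reset or created
    return start + timedelta(days=period_days)

def immediate_resets(users, period_days, enabled_on):
    """Names of users forced to reset at their first login once the policy is enabled."""
    forced = []
    for u in users:
        if not u["has_password"]:   # SSO-only accounts are not checked
            continue
        if reset_due(u["created"], u["last_reset"], period_days) <= enabled_on:
            forced.append(u["name"])
    return forced

# Constructed sample accounts
USERS = [
    {"name": "alice", "created": date(2022, 1, 10), "last_reset": None,
     "has_password": True},
    {"name": "bob", "created": date(2022, 1, 10), "last_reset": date(2024, 5, 1),
     "has_password": True},
    {"name": "carol", "created": date(2021, 3, 2), "last_reset": None,
     "has_password": False},
    {"name": "dave", "created": date(2024, 4, 20), "last_reset": None,
     "has_password": True},
]

if __name__ == "__main__":
    for days in (30, 90, 180):
        names = immediate_resets(USERS, days, date(2024, 6, 1))
        print(f"{days}-day period: {len(names)} immediate resets {names}")
```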