Password Policy

  • Updated

A robust password policy is crucial for the security of your portal. Ensure that users create strong and secure passwords. Implement password resets periodically and disallow the reuse of old passwords. Learn more about the effective measures below to avoid the dangers of a weak password policy.

To avoid your users from having to remember a new password for their Bynder account you can Enable (SSO) Single Sign-On in Bynder.

Password Requirements

Typically, Bynder passwords need to have a minimum of 6 characters. However, you have the option to increase this minimum requirement. For instance, if you set it to 14, users will need to create a password with at least 14 characters.

You can also set additional criteria, such as including a lowercase letter, uppercase letter, number, and/or special character (e.g., @,#,! &,%,$) in the password.

You can customize these criteria as needed. For example, you can mandate a 14-character password with at least one lowercase letter, one uppercase letter, and one number, but no special characters.

Contact your Customer Success Manager with the specific characters that you’d like to require. 

Enable Strong Passwords

Users can be required to use stronger passwords for their accounts. If they attempt to change their password to a weak one, they will receive an error message.

When the stronger password policy is activated, passwords must adhere to specific requirements.

  • The password must be at least 8 characters long.
  • All-numeric or all-alphabetical groups are not allowed (e.g., kkkkkkkk、5555555).
  • Consecutive identical numeric and alphabetical characters are not allowed (e.g., 9876543、HIJKLMNO).
  • The password must be a combination of uppercase alphabet characters, lowercase alphabet characters, numeric characters, and special characters.
    The password cannot contain any part of the username, first name, last name, or the first part of the email address.
  • The password cannot be a previously used password.
  • Reversing the sequence of an old password is not allowed (e.g. Hello! to !olleH).
  • Substituting only a single character in the old password is not allowed (e.g. Hello123! to Hello122!).

Inform Users of the Password Policy

If the password being set does not meet the specified requirements, users will be shown an error message. You can customize this message to inform users about any specific password policies, such as minimum character requirements, that have been set up.

Contact your Customer Success Manager with the message that users should see if their password doesn’t meet the requirements. 

Prevent users from reusing passwords

Users with specific limitations on changing and creating new passwords can utilize the password-policy user setting. When enabled, the system verifies a set number of previous passwords to ensure that the new password is unique. If the user attempts to use a password that has been used before, they will be prompted to select a different one.

Contact your Bynder Customer Success Manager with the number of previous passwords the system should check for help with the setup.

Mandatory Password Reset

Users may be asked to update their passwords regularly for security purposes. There are two scenarios to determine when users must change their passwords.

The mandatory password reset feature specifically targets users with a password for their Bynder account. This excludes SSO-only users who do not have a password for their account.

If this feature is activated, a significant number of users might need to reset their passwords promptly.

How is the mandatory password reset date determined?

The mandatory password reset date can be calculated in two ways.

  1. User creation date:
    When a user who has never reset their password logs in, the system will consider the account creation date as the reference point. The mandatory password reset time frame will be added to this date. If the set time frame has elapsed, the user will be prompted to reset their password right away upon login. Otherwise, they will be asked to change their password once the specified time frame has passed. Subsequently, the most recent password reset date will dictate the next mandatory reset date. Activating this feature may result in immediate password resets for numerous existing users.
  2. Previous password reset
    If a user has previously reset their password, that date will be considered the initial reference point. The specified time period for a required password reset will then be added to this reference point. Once this period elapses, the user will be prompted to reset their password. If the deadline has already passed, the user will be immediately prompted to reset their password upon their next login. Subsequently, the most recent password reset date will dictate the next mandatory password reset date.

Was this article helpful?

0 out of 0 found this helpful

We're sorry to hear that!

Find out more in our community

Have more questions? Find out more in our community