A strong password policy plays a vital role when it comes to the security of your portal. Make sure that your users only set up strong and secure passwords. Require users to reset their password after a certain period of time without allowing them to reuse an old one. Don't take the risk of having a weak password policy and read more about the steps you can take below.
Enable stronger passwords
You can force users to create stronger passwords for their accounts. Then, whenever a user tries to change their password and provides one that is too weak, an error message displays.
When the stronger password policy is enabled, the password needs to meet the following requirements:
The password must be at least 8 characters long.
All-numeric or all-alphabetical groups are not allowed (e.g., kkkkkkkk、5555555).
Consecutive identical numeric and alphabetical characters are not allowed (e.g., 9876543、HIJKLMNO).
The password must be a combination of uppercase alphabet characters, lower case alphabet characters, numeric characters and special characters.
The password cannot contain any part of the username, first name, last name or first part of the email address.
The password cannot be a previously used password.
Reversing the sequence of an old password is not allowed (e.g. Hello! to !olleH)
Substituting only a single character in the old password is not allowed (e.g. Hello123! to Hello122!)
Do you want to make use of the feature? Contact your Customer Success Manager for information and help with the setup.
Prevent users from re-using passwords
Users who have specific restrictions regarding changing and creating new user passwords might benefit from the password-policy user setting. If this settings is enabled, the system checks the specified numbers of previous passwords to see if the same password has been used before. In this way, if the password a user is trying to save matches any of the previous passwords, the user is requested to choose a different password.
Do you want to make use of the feature? Contact your Bynder Customer Success Manager for information and help with the setup.
Mandatory password reset
Do you want to make it mandatory for your users to periodically update their password for safety reasons? We can help you setting up a policy that requires users to reset their password after a certain period of time. Upon the first login after the password expired, users will need to change their password.
The mandatory password reset mechanism checks for users who have a password set up for their account. This means that SSO only users are excluded from the mandatory password reset, since they don't have any password set up for their account.
Enabling this feature could potentially mean that a large number of your users immediately have to reset their password. Find out below how the password reset date is determined.
How is the mandatory password reset date determined?
The mandatory password reset date can be calculated in two ways.
User creation date
If a user never reset their password before, the date the user account was created will be taken as the starting point. The time frame set up for the mandatory password reset will be added to this starting point. If the configured time frame has already passed, the user will be forced to reset the password immediately upon the first login. If not, they will be asked to reset their password the moment the chosen time frame has expired. From this moment on the most recent password reset date will determine the next mandatory password reset date.
Enabling this feature could potentially mean that a large number of your existing users immediately have to reset their password.
Previous password reset
If a user reset the password before, this date will be taken as starting point. The time period you indicated for a mandatory password reset will be added to this starting point. When this period has passed, the user will be forced to reset the password. If the period has already passed, the will be immediately asked to reset the password upon the first login. From this moment on the most recent password reset date will determine the next mandatory password reset date.
Do you want to make use of the feature? Contact your Customer Success Manager and specify after what period of time the password should expire.