Setting password complexity and expiry rules

You can set rules that users using must follow when they create passwords in your system. Requiring longer, more complex passwords improves system security.

If you change password settings, the new settings will take effect the next time a password is changed, either by the administrator or the employee.

To set password rules:

  1. Go to Administration > System and Security > Security Settings.
  2. Complete the fields in the Passwords section of the page.

  1. Click Save.

About the fields

Field name

This field…

Must Contain a Mix of Letters and Numbers

Requires users to include at least one letter and at least one number in each password

Must Contain Special Characters (punctuation, etc)

Requires users to include at least one special character in each password. Special characters include punctuation and characters such as #, $, and ~.

Must Contain Upper and Lower Case Characters

Requires users to include at least one upper case letter and at least one lower case letter in each password

Must Have Strength Rating of at Least Good

Requires any newly-created or changed passwords to meet or exceed the strength rating of 'Good'.

This rating is based on a Replicon algorithm, not the other password requirements you select.

Minimum Length

Defines the minimum number of characters each password must include

Expiry Period

Specifies when passwords expire – either Monthly, 60 days, Quarterly, Semi-annually, Yearly, or never

If, for example, you select monthly expiry, passwords expire:

  • One month after the user's system start date, and
  • One month after each password change. This applies even if a password is changed before it is due to expire.