/
Set up a Password Policy for your platform

Knowledge Base

💡Knowledge Base Home | 🚀What's New | 📅Upcoming Training Events

Set up a Password Policy for your platform

Steps to set up your platform Password Policy

Related Help Guide Pages

Learn how to define the Password Policy for your platform

Creating a solid Password Policy is one of the best ways to keep your platform, your Users, and their data safe! By setting clear guidelines around things like password strength, complexity, and when passwords need to be updated, you help everyone follow secure login practices and lower the risk of unauthorised access or data breaches.

image-20250723-134617.png

Follow this page to learn the steps for creating a Password Policy in your accessplanit platform.

Please Note
Security Options is only available for Super Administrators. If you are unable to access this page, please speak to a Super Admin on your team, or contact a member of our Support Team.

Create your Password Policy

Follow the steps below to create a secure Password Policy for your Users

  1. Open the ‘Administration’ menu from the Profile options at the top-right of your platform

    image-20250723-124804.png

     

  2. This will open the Administration Menu

    image-20250723-124958.png

     

  3. Click the ‘Security Options’ menu option under the ‘Integrations and Security’ section

    image-20250723-125115.png

     

  4. This will open the Password Policy page

    image-20250723-125150.png

     

  5. Add the ‘Minimum Length’ for passwords
    For example, passwords must be a minimum of 8 characters to be accepted

    image-20250723-125652.png

     

  6. Add the ‘Minimum Numeric’
    For example, passwords must contain at least 2 numbers

    image-20250723-125803.png

     

  7. Add the ‘Minimum Lowercase’ characters required
    For example, passwords must contain at least 1 lowercase character

    image-20250723-125934.png

     

  8. Add the ‘Minimum Uppercase’ characters required
    For example, passwords must contain at least 1 uppercase character

    image-20250723-130346.png

     

  9. Use the 'Password Expires (Days) option to define how many days a User can use the Password before they need to update to a new Password

    image-20250723-130501.png

     

Please Note
The password expiration is no longer a recommended security setting, as expiring passwords make Users select predictable passwords. We recommend setting this to at least 365 days. The accessplanit Checkout basket does not recognise expired passwords and will allow Users to log in with their expired password, provided they enter the correct current password for their account.

 

  1. Add the 'Allowed Failed Attempts'
    This is the number of attempts a User has to log in before they are locked out for providing an incorrect password

    image-20250723-130749.png

     

  2. Use the ‘Password Reuse’ option to control how many new passwords a user must set before they can go back to an old one.
    For example, if you enter 3, the user will need to create three different passwords before they’re allowed to reuse a previous password.

    image-20250723-130903.png

     

  3. Add a ‘Password Min Age’ to define the number of days that Users need to keep their passwords before they are allowed to change them again

    image-20250723-133720.png

     

  4. Set the 'Lockout Duration' to define how long a User is locked out of their Account after they have entered their Password incorrectly

    image-20250723-133858.png

Please Note

If an administrator changes the user's status, this duration is still in effect, so the User will only get one attempt at entering the correct password if they attempt to log in during this amount of time after they were first locked out.

 

  1. Check the ‘Require one Special character’ checkbox to require new passwords to contain at least one non-alphanumeric character such as ? ! $

    image-20250723-134049.png

     

  2. Check the ‘Don’t Force Password Change after Reset' checkbox if you do not need Users to change their password once they've been locked out

    image-20250723-134226.png

     

  3. Add your ‘Account Locked’ message, this will be displayed to Users when they lock their account when trying to login

    image-20250723-134359.png

     

Top Tip!
None of these Password Policy options are mandatory, so you may not require them all, any options left blank will not be included in your Password Policy.

 

  1. Once you are happy with your Policy, click the ‘Save’ button in the top right-hand corner

    image-20250924-094826.png

FAQ’s

How does a Password Policy work?

Once a User exceeds the number of failed attempts set in the Allowed Failed Attempts field, the User's status is set to ‘Locked’.

A User will stay in the status of Locked for the duration stated in the Lockout Duration. They won't be able to access accessplanit during this period unless an admin sets them back to ‘Active’ within this time. This Lockout time doesn't change, even if the User tries to log in before the Lockout Duration expires. 

If a User is set to Active whilst the Lockout Duration is still running, one incorrect attempt at logging into accessplanit will lock them out again.

Once the Lockout Duration expires, if the User hasn't been set back to ‘Active’, they'll still stay as Locked. However, if they successfully log in after this period, their account status is automatically changed back to Active.

The User will then get the full number of failed attempts specified in the Allowed Failed Attempts field before they get locked out again.

 

 

 

Contact Our Team

If you can't find what you're looking for, access our Support Portal, and our team of experts will be happy to help!

Is it your first time contacting the team? Learn how to raise a support ticket.

Follow Us

Facebook|height=20 LinkedIn|height=20 Instagram|height=20 Twitter|height=20

Copyright © 2025 accessplanit.

Social media icons by icons8.com