Set up a Password Policy

Oktopost allows you to improve your account security with password protection. You can set password history, length, and complexity requirements along with other values. In addition, you can specify what to do if a user forgets their password.

Once set, the password policy will apply to all account users and advocates. If a user has access to multiple Oktopost accounts, the only password policy that applies is that of his primary account. To set a password policy for your account you must have admin access rights or have a permission to update the accounts' password policy.

The password policy can be viewed and edited under Account Settings → Security.

Field Description
User passwords expire in The amount of time until user passwords expire and must be changed. The default is Never. If you change the 'User passwords expire in' setting, the change affects a user's password expiration date if that user's new expiration date is earlier than the old expiration date or if you remove an expiration by selecting 'Never expires'.
Enforce password history Save users' previous passwords so that they must always reset their password to a new, unique password. The default is 3 passwords remembered. You cannot select 'No passwords remembered' unless you select 'Never expires' for the User passwords expire in field.
Minimum password length The minimum number of characters required for a password. When you set this value, existing users aren't affected until the next time they change their passwords. The default is 6 characters.
Password complexity requirement The requirement for the types of characters that must be used in a user's password.
  • No restriction, allows any password value, which is the default.
  • Must contain letters and numbers, requires at least one alphabetic character and one number.
  • Must contain lowercase, uppercase and numeric characters, requires at least one number, one uppercase letter, and one lowercase letter.
  • Must contain lowercase, uppercase, numeric and special characters, requires at least one alphabetic character, one number, and one of the following special characters: ! # $ % - _ = + < >.
Maximum invalid login attempts The number of login failures allowed for a user before they are locked out. The default is No Limits.
Lockout period The duration of the login lockout. The default is 15 minutes. You cannot select a lock out period unless you select the maximum number of invalid attempts.
Lockout message If set, this message will be shown to users who reach the maximum number of login attempts.

Feedback and Knowledge Base