Enforce Password Policies

Whatfix follows industry best practices to assure customer account security. The default password policy enforces a minimum of 8 characters. However, we also support those businesses who wish to implement a password policy that is more aligned with their organization's security standards. In this section, we have explained the different password policies we can configure:

• Policies are enforced through all login touch points (dashboard, website, and editor)

• Password Length:

  • Min/Max - 1/100 characters

• Password Composition:

  • Alphanumeric indicates:

    • Upper Case
    • Lower Case
    • Number
    • Any Special Character

• Password Expiry:

  • No notifications are sent to the user prior to the expiration date of the password
  • Once the password expires, a password expiry message along with information about a password reset link being sent by email is displayed on the login page.
  • Min/Max - 90/365 days

• Password Retention:

  • Min/Max - 3/10

• Login Failure:

  • Once you cross the login failure threshold, the account is LOCKED.
  • Once locked, you receive an email with instructions to unlock your account.
    For more information, see How can I unlock my Whatfix account?