---
title: "Enforce Password Policies"
slug: "enforcing-password-policies"
updated: 2025-03-25T07:40:33Z
published: 2025-03-25T07:40:33Z
canonical: "support.whatfix.com/enforcing-password-policies"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.whatfix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Enforce Password Policies

Whatfix follows industry best practices to ensure customer account safety and compliance. The default password policy enforces a minimum of 8 characters. However, we also support those businesses who wish to implement a password policy that is more aligned to their organization's security standards. In this section, we have explained the different password policies you can configure:
:::(Warning) (**Note**)
To activate your password policies for your Whatfix account, contact [support@whatfix.com](mailto:support@whatfix.com?Subject=Activate%20password%20policies&Body=Hello%20Team%2C%0A%0APlease%20activate%20password%20policy%20for%20my%20Whatfix%20account.%0A%0AMore%20information%20on%20our%20security%20standards%3A%0A%0A%0AThanks%20and%20regards.){target="_blank"}.
:::
:::(Info) (your title goes here)
Policies are enforced through all login touch points (dashboard, website, and Studio). 

:::

<table style="margin-left: calc(4%); width: 96%;">
<thead>
<tr>
<th style="width:25%">Policy</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>Password Length </td>
<td>Minimum/Maximum : 1/100 characters </td>
</tr>
<tr>
<td>Password Composition </td>
<td>Alphanumeric indicators:
    <li>Upper Case</li>
    <li>Lower Case</li>
    <li>Number</li>
    <li>Any Special Character</li></td>
</tr>
<tr>
<td>Password Expiry</td>
    <td><li> No notifications are sent to the user prior to the expiration of the password.</li>
    <li>Once the password expires, a password expiry message along with information about a password reset link will be sent by email.</li>
        <li>Minimum/Maximum - 90/365 days</li></td>
</tr>
<tr>
<td>Password Retention</td>
<td>Define how many recent historical passwords should not be reused. If the number is set to 4, then the new password cannot be one of the last 4 passwords that were used.</td>
</tr>
<tr>
<td>Login Failure</td>
    <td> <li>Once you cross the login failure threshold, the account is <b>LOCKED</b>.</li>
    <li>Once locked, you will receive an email with instructions to unlock your account. For more information, see 
<a href="https://support.whatfix.com/docs/how-can-i-unlock-my-whatfix-account"> how to unlock my Whatfix account? </a></li></td>
</tr>

## Related

- [Forgot my password](/resetting-my-password.md)
- [Change my password](/change-my-password.md)
- [How can I unlock my Whatfix account?](/how-can-i-unlock-my-whatfix-account.md)