To ensure a high level of security, Whatfix is implementing a new update to the password policy. The enhancement reduces the risk of compromise by preventing the use of weaker passwords across multiple enterprises (ENTs).
When a user requests a password reset, Whatfix checks the password policies of all ENTs the user is a part of. Whatfix then enforces the most stringent password policy among all these ENTs.
Note:
No changes are required to the current passwords of the ENTs that you are a part of. The new policy applies when you try and reset a password.
Here's an example:
Let's say John is a member of the following tenants with the following minimum password length requirements:
ENT A: Minimum 12 characters
ENT B: Minimum 8 characters
ENT C: Minimum 10 characters
When John initiates a password reset from any of these ENTs, he must set a password that meets the highest minimum length requirement among them – in this case, 12 characters.
By always enforcing the strictest password policy applicable to a user, Whatfix ensures that password strength consistently meets the highest security standards.