Custom password policy allows you to change minimum password length, password history, set lockout and expiration rules.

By default password should consist of at least 8 characters. Passwords must not contain username, SamAccountName, the email address and can't include them as its part. Last 4 passwords can't be reused. Password must contain characters from 3 of the following categories: 

  • English uppercase characters (A-Z)
  • English lowercase characters (a-z)
  • Numbers (0-9)
  • Special characters (e.g., ! $ # %)

Custom Password Policy cannot be less complicated than the default one.

You can set up a custom password policy for users on your account in Control Panel > Users > User Password Policies or Control Panel > Services > Compliance > Policies or Control Panel > Account > Security Policies > User Password Policies.

password policies

On this page, you can:

Restrict/allow users to change passwords

Force All Users to Change Password

Enable Custom Policy

Force password change or enable custom policy

Restrict/allow users to change passwords

By default, all users have the ability to reset/recover their password.

If you check Users cannot change password box and save changes it will result in following:

  • users will not have permissions to reset/recover their password
  • users will not be getting emails about password expiring

Note: Policy setting Users cannot change password applies to all users. If you want to restrict specific user(s) to change the password it can be done on individual user's settings page. Read knowledge Base article on How Do I Manage User Password Settings for more information.

Force Password Change

You can force users to change the password on next logon.

Custom Password Policy

You can specify the following settings:

  • minimum password length (min 8, max 127)
  • password expiration period (30, 60, 90, 180 and 365 days periods are available)
    Note: the first password expiration notification is sent 5 days before the expiration date.
  • password history
  • user lock

custom policy

If you enable password expiration you can check the expiration date for an individual user by navigating to Control Panel > Users > Click on Display Name of the user > Edit User Password Settings

Note: in the default password policy there is no password expiration.

To unlock them go to Control Panel > Users > click on a user > click Unlock.