Strong password requirements

SECURITY  Security level with Admin permission to configure Application-wide (Shared) Features. Refer to Admin security settings.

NAVIGATION   > Admin > Features & Settings > Application-wide (Shared) Features > System Settings > Site Setup

NOTE  For system settings to take effect, users must log out and back in.

About strong passwords

Password strength is the amount of security a password can provide against password-guessing attacks. The more random a password is, the harder it is to guess.

A strong password must be at least seven characters long, so the number of possible combinations is 69,833,729,609,375 (almost 70 trillion).

Strong passwords are disabled by default. To implement a strong password requirement for your users:

  1. To open the page, use the path(s) in the Security and navigation section above.
  2. Scroll down to the Site Setup section and locate the Password Requirements system setting.

  1. Click the Click here to edit link. The Password requirements page opens.

The system setting has two components that can be separately enabled, the strong password requirement itself and the frequency with which passwords must be changed.

  1. Check the Require strong passwords check box.

Check the Require Users to change their password every # days, and enter a number into the field. This requirement is independent of the strong password requirement.

EXAMPLE  On February 15, you update your password requirements for the first time, and enter "90" into the "# days" field. Peter changed his password on January 1. He will be required to change his password again on March 31, 90 days after he last changed it. Anna has never changed the password she was assigned four years ago. She will be required to change her password on her next login.

NOTE  Strong passwords are hard to remember. If you implement Strong Passwords and also require users to change them frequently, they will write them down somewhere, which defeats the purpose. Consider enabling the Lock user accounts after # consecutive unsuccessful login attempts system setting on the same page to enhance the overall security of your Autotask instance.

  1. If either policy is enabled, users will be prompted during login to change their password, or to update their password to a strong password. Refer to Logging in to Autotask for more information.

NOTE  Any time an Autotask password is changed, the new password must be different from the previous five passwords and cannot contain any spaces or single quotes, whether or not strong passwords are required.

NOTE  For security reasons, LiveMobile users cannot change their passwords through LiveMobile. They must log into the standard Autotask interface to do so. Remind them to do this before logging into LiveMobile.

Here are the requirements for an Autotask strong password:

  • Must be at least seven characters long.
  • Must have at least one special character in the second through sixth position
    • Special characters: ` ~ ! @ # $ % ^ & * () _ + - = {} | \ [] : ; " < > ? , . /
  • Must contain characters from at least two of the following three groups:
    • English uppercase letters: A, B, C, ... Z
    • English lowercase letters: a, b, c, ... z
    • Westernized Arabic numerals: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • As with all new Autotask passwords, must be different from your previous five passwords.