Updated: October 16, 2020 10:06am

Password Policies
You can customize the policies that users must follow when creating and changing passwords using the following settings:

Setting Description
Enforce strong password

If selected, a "strong" password is required.  A strong password includes:
Uppercase and lowercase letters
Numbers (0-9)
Special characters (@, #, $, !)
Length of seven or more characters

Enforce password history for X days Enforce password history ensures that old passwords are not reused continually.  Users cannot repeat the same password after expiration for X days.
Password expires after X days Enter the number of days passwords can be used before they expire. If you enter 90, then users must change passwords every 90 days.
Prompt changing password X days before expiration User must change password after X days. User will be prompted to change their password upon login after expiration
Lock user account after X failed logon attempts  This setting limits the permitted number of failed password attempts. This prevents malicious users from trying one password after another in a brute force attack. A common setting is "3," which means that the account will be locked after the third failed password attempt.
User account lockout duration This setting determines the length of the lockout. If set to 30, then when a user's account is locked because of failed password attempts, the account will remain locked for 30 minutes and no one will be able to log in to the account during that time, even with the correct password

Sample Password Policy settings
Password policy