Configure password policy
Passwords are the most commonly used authentication factor. Many users reuse the same, insecure password for all their online accounts, compromising their organization's security. To protect yourself from this common pitfall, make it mandatory for your users to create passwords that meet certain security standards.
In the mobile application:
- Open the Zoho One app on your mobile device, then tap in the top right.
- Tap in the bottom right, then tap Security Policies.
- Tap the required security policy, then tap Password Policy.
- Tap the toggle bar to enable the password policy.
- Set the password preferences, then tap SAVE.
To disable a password policy:
- Open the Zoho One app on your mobile device, then tap in the top right.
- Tap in the bottom right, then tap Security Policies.
- Tap the required security policy, then tap Password Policy.
- Tap the toggle bar to disable the password policy.
- Tap SAVE.
In the web application:
- Sign in to Zoho One , then click Directory in the left menu.
- Go to Security, click Security Policies, then click on the policy you want to configure.
- Go to Password Policy, then click Setup.
- Select from the three preset Password Strengths or choose Custom.
- If you choose Custom, set:
Minimum length of a Password | The minimum number of characters the password must have. |
Mixed Password | When this is enabled, users have to set passwords with both upper and lower case characters. |
Minimum special characters | The number of special characters the password must have. |
Minimum numeric digits | The number of numeric characters the password must have. |
Maximum password age | The number of days users can use a password for. |
Minimum password age | The duration that users must use a password before resetting it. |
Refusal of Previously Used Passwords | The number of most recent passwords that users can't reuse. |
- Click Update Policy.
To remove a password policy:
- Sign in to Zoho One, then click Directory in the left menu.
- Go to Security, then click Security Policies.
- Click on the policy for which you want to remove the password.
- Go to Password Policy, then click Remove Password Policy.
If a password policy is removed, the next policy having the top priority will be applied to the user. Check our help documentation to know more about
policy priority.
- Click Yes, Remove. The password policy will be removed and in order to enforce the newly prioritized user policy, you will need to reset all passwords.
The maximum password age, minimum password age, and the refusal of previously used passwords will be effective immediately after the password priority is set and the older one is removed.
Related Articles
Add security policy
In the mobile application: Open the Zoho One app on your mobile device, then tap in the top-right. Tap in the bottom-right, then tap Security Policies. Tap Add, then enter the Policy Name. Choose the groups the policy will be applied to. To ...
Security Policies - Overview
Security policies are a set of customizable rules that govern how your users can authenticate themselves. They consist of four components: Password policy: This component dictates how strong the users' passwords must be and how often they have to be ...
Delete a security policy
When a security policy is deleted, the priorities of the remaining policies will be reordered and applied accordingly. Learn more about policy priority. In the mobile application: Open the Zoho One app on your mobile device, then tap in the ...
Apply an existing security policy to new groups
When applying a policy to a new group, remember to take the policies already applied to the group into account. When a group has multiple security policies, they will be applied based on the policy priority. In the mobile application: Open the Zoho ...
Policy must be used by at least one group. Apply policy to another group and try again.
Description You may encounter this error when you're trying to remove the only applicable group from a security policy. Reason Security policies have to be applied to groups in order to affect the members of the groups. Without being applied to a ...