Configure password policy

Configure password policy

Passwords are the most commonly used authentication factor. Many users reuse the same, insecure password for all their online accounts, compromising their organization's security. To protect yourself from this common pitfall, make it mandatory for your users to create passwords that meet certain security standards.

 In the mobile application: 

  1. Open the Zoho One app on your mobile device, then tap  in the top right.
  2. Tap  in the bottom right, then tap Security Policies.
  3. Tap the required security policy, then tap Password Policy.
  4. Tap the toggle bar to enable the password policy.
  5. Set the password preferences, then tap SAVE.
 
To disable a password policy:
  1. Open the Zoho One app on your mobile device, then tap  in the top right.
  2. Tap  in the bottom right, then tap Security Policies.
  3. Tap the required security policy, then tap Password Policy.
  4. Tap the toggle bar to disable the password policy.
  5. Tap SAVE.

In the web application: 

  1. Sign in to Zoho One , then click Directory in the left menu.
  2. Go to Security, click Security Policies, then click on the policy you want to configure.
  3. Go to Password Policy, then click Setup.
  4. Select from the three preset Password Strengths or choose Custom.
  5. If you choose Custom, set:

    Minimum length of a Password
    The minimum number of characters the password must have.
    Mixed Password
    When this is enabled, users have to set passwords with both upper and lower case characters.
    Minimum special characters
    The number of special characters the password must have.
    Minimum numeric digits
    The number of numeric characters the password must have.
    Maximum password age
    The number of days users can use a password for.
    Minimum password age
    The duration that users must use a password before resetting it.
    Refusal of Previously Used Passwords
    The number of most recent passwords that users can't reuse.

  6. Click Update Policy.
To remove a password policy:
  1. Sign in to Zoho One, then click Directory in the left menu.
  2. Go to Security, then click Security Policies.
  3. Click on the policy for which you want to remove the password.
  4. Go to Password Policy, then click Remove Password Policy.
    If a password policy is removed, the next policy having the top priority will be applied to the user. Check our help documentation to know more about policy priority
  5. Click Yes, Remove. The password policy will be removed and in order to enforce the newly prioritized user policy, you will need to reset all passwords.
    The maximum password age, minimum password age, and the refusal of previously used passwords will be effective immediately after the password priority is set and the older one is removed.
    • Related Articles

    • Add security policy

      In the mobile application: Open the Zoho One app on your mobile device, then tap  in the top-right. Tap  in the bottom-right, then tap Security Policies. Tap Add, then enter the Policy Name.  Choose the groups the policy will be applied to. To ...
    • Security Policies - Overview

      Security policies are a set of customizable rules that govern how your users can authenticate themselves. They consist of four components: Password policy: This component dictates how strong the users' passwords must be and how often they have to be ...
    • Delete a security policy

      When a security policy is deleted, the priorities of the remaining policies will be reordered and applied accordingly. Learn more about policy priority. In the mobile application:  Open the Zoho One app on your mobile device, then tap  in the ...
    • Apply an existing security policy to new groups

      When applying a policy to a new group, remember to take the policies already applied to the group into account. When a group has multiple security policies, they will be applied based on the policy priority. In the mobile application:  Open the Zoho ...
    • Policy must be used by at least one group. Apply policy to another group and try again.

      Description You may encounter this error when you're trying to remove the only applicable group from a security policy. Reason Security policies have to be applied to groups in order to affect the members of the groups. Without being applied to a ...