Configure password policy
Passwords are the most commonly used authentication factor. Many users reuse the same, insecure password for all their online accounts, compromising their organization's security. To protect yourself from this common pitfall, make it mandatory for your users to create passwords that meet certain security standards.
In the mobile application:
- Open the Zoho One app on your mobile device, then tap
in the top right.
- Tap
in the bottom right, then tap Security Policies.
- Tap the required security policy, then tap Password Policy.
- Tap the toggle bar to enable the password policy.
- Set the password preferences, then tap SAVE.
To disable a password policy:
- Open the Zoho One app on your mobile device, then tap
in the top right.
- Tap
in the bottom right, then tap Security Policies.
- Tap the required security policy, then tap Password Policy.
- Tap the toggle bar to disable the password policy.
- Tap SAVE.
In the web application:
- Sign in to Zoho One
, then click Directory in the left menu.
- Go to Security, click Security Policies, then click on the policy you want to configure.
- Go to Password Policy, then click Setup.
- Select from the three preset Password Strengths or choose Custom.
- If you choose Custom, set:Minimum length of a PasswordThe minimum number of characters the password must have.Mixed PasswordWhen this is enabled, users have to set passwords with both upper and lower case characters.Minimum special charactersThe number of special characters the password must have.Minimum numeric digitsThe number of numeric characters the password must have.Maximum password age
The number of days users can use a password for. Minimum password age The duration that users must use a password before resetting it.Refusal of Previously Used PasswordsThe number of most recent passwords that users can't reuse. - Click Update Policy.
To remove a password policy:
- Sign in to Zoho One
, then click Directory in the left menu.
- Go to Security, then click Security Policies.
- Click on the policy for which you want to remove the password.
- Go to Password Policy, then click Remove Password Policy.
If a password policy is removed, the next policy having the top priority will be applied to the user. Check our help documentation to know more about policy priority. - Click Yes, Remove. The password policy will be removed and in order to enforce the newly prioritized user policy, you will need to reset all passwords.
The maximum password age, minimum password age, and the refusal of previously used passwords will be effective immediately after the password priority is set and the older one is removed.
Related Articles
Configure MFA
Multi-factor authentication (MFA) adds an additional layer of security to your organization. When MFA is enabled, your users will have to verify their identity not only with their password, but also with a second factor. The second factor could be an ...Configure allowed IPs
Whitelisting IP addresses prevents unauthorized access and strengthens your organization's security. Once this is configured, you will only be able to access your organization from the allowed IP addresses. In the mobile application: Open the Zoho ...Add security policy
In the mobile application: Open the Zoho One app on your mobile device, then tap in the top-right. Tap in the bottom-right, then tap Security Policies. Tap Add, then enter the Policy Name. Choose the groups the policy will be applied to. To ...Security Policies - Overview
Security policies are a set of customizable rules that govern how your users can authenticate themselves. They consist of four components: Password policy: This component dictates how strong the users' passwords must be and how often they have to be ...Delete a security policy
When a security policy is deleted, the priorities of the remaining policies will be reordered and applied accordingly. Learn more about policy priority. In the mobile application: Open the Zoho One app on your mobile device, then tap in the ...