Password Policy: Frequently Asked Questions
By Gudrun Gustafsdottir
The Password Policy within Siteimprove allows you to enforce a password policy that supports specific requirements of your organization. The password you choose will still comply with Siteimprove's standard requirements (a password of minimum 8 characters). This article addresses some frequently asked questions in regards to Password Policy.
A Password Policy can be set up by Account Owners via
Settings> Authentication and Security > Password Requirements.
Frequently Asked Questions
- Are passwords encrypted?
Passwords are hashed. This means that Siteimprove does not have access to user passwords.
- When do passwords expire?
Passwords do not expire. If a Password Policy is changed by an Account Owner or a user with equivalent rights, users will be prompted to create a new password that adheres to the new policy. If a new Password Policy is set and your old password fulfills the criteria, you will not be prompted to create a new password.
- Is there a password history?
No. You are allowed to use a previously used password if it adheres to the set Password Policy.
- How many incorrect password attempts are allowed before being locked out?
Users will be locked out of the platform for 30 minutes after five unsuccessful attempts to login, and will be invited to reset their password.