Password policies

Using a strong password is an important safety measure that protects your account.  When you use a ScheduleOnce login, setting a password policy can ensure that Users in your account follow password best practices and organizational guidelines.

Password policies apply to Users on your ScheduleOnce account that use an email and password combination to login. Passwords for Users with a Google login are managed by Google. Learn more about Google password policies.
 
By default, all passwords in ScheduleOnce must be at least six characters long and include both lower case letters and numbers. Policies can be adjusted to accommodate for stricter requirements.
 
Administrators can change the password policies by logging into the ScheduleOnce account and navigating to Account >> Security >> Password policies >> Edit. Here the Administrator can set three parameters: The minimum length, complexity, and expiration timeframe.

 

Password length

This defines the minimum character length for the password. Passwords must contain at least the number of characters defined by the password length. The longer a password, the more secure it is. Enforcing a long password is recommended.
 


Password complexity

This defines which groups of characters must be used to construct a password. To meet the requirement, a password must contain at least one letter from each of the enabled groups. The “Special characters” group follows best practices and contains the characters recommended by OWASP.
 


Password expiration

Periodically changing your password is a recommended practice. By default, passwords do not expire in ScheduleOnce. However, enabling password expiration forces Users to change passwords. If a password age is older than the expiration timeframe, your Users will be prompted to select a new password on their next login.  
 


Password enforcement

Passwords policy changes are enforced when the User creates or changes their password. To ensure that password policies are quickly propagated throughout the account, you should set a seven day expiration time frame. This will force users to comply with your password policy within a week, after which you should extend the expiration time frame to expire after 6 - 12 months. 
 

Rate this article