Password policies

Using a strong password is an important safety measure that protects your account.  When you use a ScheduleOnce login, setting a password policy can ensure that Users in your account follow password best practices and organizational guidelines.

Password policies apply to Users on your ScheduleOnce account that use an email and password combination to login. Passwords for Users with a Google login are managed by Google. Learn more about Google password policies.
 
By default, all passwords in ScheduleOnce must be at least six characters long and include both lower case letters and numbers. Policies can be adjusted to accommodate for stricter requirements.
 
Administrators can change the password policies by logging into the ScheduleOnce account and navigating to Account >> Security >> Password policies. Here the Administrator can set four parameters: The minimum length, complexity, expiration timeframe and whether Users can reuse previous passwords.

 

Password length

This defines the minimum character length for the password. Passwords must contain at least the number of characters defined by the password length. The longer a password, the more secure it is. Enforcing a long password is recommended.
 


Password complexity

This defines which groups of characters must be used to construct a password. To meet the requirement, a password must contain at least one letter from each of the enabled groups. The “Special characters” group follows best practices and contains the characters recommended by OWASP.
 


Password expiration

Periodically changing your password is a recommended practice. By default, passwords do not expire in ScheduleOnce. However, enabling password expiration forces Users to change passwords. If a password age is older than the expiration timeframe, your Users will be prompted to select a new password on their next login

 

Password history

This section determines whether Users can reuse previous passwords when they change their passwords. Many Users want to reuse the same password for their account over a long period of time, but the longer a password is in use, the less it is secure. If Users are required to change their password, but they can reuse an old password, the effectiveness of a good password policy is greatly reduced. Here you can determine whether Users can reuse previous passwords, and if so, how many times they must change their password before reusing one.

 

Password enforcement

Password policy changes are enforced when the User creates or changes their password. To ensure that password policies are quickly propagated throughout the account, you should set a seven day expiration time frame. This will force users to comply with your password policy within a week, after which you should extend the expiration time frame to expire after 6 - 12 months. 

Users can change their passwords from their Profiles. Learn more about changing your password
 

Rate this article