How to add Advanced Security Requirements for Passwords

Have more questions? Submit a request

Security and privacy are some of our core concerns at GoCanvas. That's why we equipped our product with features and capabilities to ensure that your data is secure.

Password Policy

Our basic settings provide great security, but you can enable a password policy to enhance security for your team.

Password complexity can be adjusted with any combination of the following settings:

  • Minimum Password Length of 8 or 16 characters.
  • Password Complexity requirements such as:
    • Must have a combination of upper and lower case letters,
    • Must have at least 1 number,
    • Must have at least 1 special character.
  • Other Password Options such as:
    • Must change password every 90 days. Cannot use any of the last 5 previous passwords,
    • Lockout users after 5 failed login attempts (within a 1 hour window). 

If you make a change it will only affect users when they change their password on their own or upon password expiration, given that setting is selected. You may force them to change at their next login with the setting under Force Password Reset: "Force users to change password on next login?" checkbox.

These changes will not automatically affect API or mobile access.

Setting Up a Password Policy 

  1. Go to Account Settings by expanding the Account drop down in the left navigation. Remember to switch to All if Departments are enabled.Account_Account Settings_Security_Password Policy.png
  2. Under Security Settings find Password Policy and select the Settings button.Account_Account Settings_Security_Password Policy Settings.png
  3. Set your policy and then Save.

Articles in this section

Was this article helpful?
1 out of 2 found this helpful
Share

Comments

4 comments

Please sign in to leave a comment.

  • These changes will not automatically affect API or mobile access.

    What does that mean?

    Will this affect API accounts?

    Is it possible to make exceptions for certain accounts?

    (Edited )
    1
  • Do you email users when their passwords are about to expire?

    1
  • At the top of the Password Policy page:

    Changes to your password policy only take effect when users change their password. You may force them to do so by checking the appropriate box below.

    What box? The "Force users to change password on next login?" box?

    You should be more explicit.

    1
  • At the top of the Password Policy page:

    Changes to your password policy only take effect when users change their password. You may force them to do so by checking the appropriate box below.

    If the "Must change password every 90 days. Cannot use any of the last 5 previous passwords" box was recently turned on (wasn't on previously), does that mean that existing users will still never need to change their passwords?

    1