System-Defined Password Requirements
The following password requirements are always enforced by the system and can't be changed by an administrator:
-
A prior password can't be reused.
-
There must be a significant difference between a new password and the last password. (For example, a user can't change a password from
MyWord!123toMyWord!145.) -
Easy-to-guess passwords, such as common names, words, and strings like
abcd123456are prohibited. -
Non-ASCII characters are considered illegal characters and are prohibited.
-
The minimum password length must be at least the minimum required by the selected password policy.
-
Passwords must contain the appropriate variety of character types specified by the selected password policy:
Character types are:
-
Uppercase alphabet (A, B, ... Z)
-
Lowercase alphabet (a, b, ... z)
-
Number (1, 2, 3, 4, 5, 6, 7, 8, 9, 0)
-
Non-alphanumeric ASCII characters, for example ` ~ ! @ # $ % ^ & * ) ; ' [ ] "{ }.
-
Immediate Feedback on Password Changes
When entering a new password, users receive immediate feedback on compliance with password requirements. An administrator receives the same feedback when entering a user password on the Access tab of an employee, partner, vendor, or customer record.
For more information about how users can change their passwords, see Change Password Link.
Every page where a user changes a password contains the Password Criteria table. This ensures that the user can tell whether the proposed password meets the security rules enforced by the system.