Why is it necessary?
Implementing a strong password policy is crucial as it protects against a range of cyber-attacks. Detecting unauthorized access to your account can be challenging, making periodic password changes an essential practice to mitigate the risk of unauthorized individuals gaining access.
- The setting for password expiry will be Enabled by default when a client is added to SmartPeppol. The default duration for password expiry is set at 60 days (about 2 months), with a preceding password expiry warning period of 10 days for newly added clients.
Note: To prevent abrupt password expiration for all users, this setting is initially disabled for all existing clients within SmartPeppol. Nevertheless, organizations with pre-existing accounts have the flexibility to choose to “ENABLE” this setting if wanted.
Enabling the Password Expiration Setting
To access the password expiration controls, users can navigate to the Organization Settings and select “Password Expiration.”
Here, users are presented with the option to either “Configure” or “Disable” the setting. The current status of the setting is indicated by the display of either “Disabled” or “Enabled” next to the respective option.
Instructions to set up the password
- Set a password expiry limit as needed, with a maximum value of 1825 days (5 years).
- Ensure that the duration of the password expiry notification is set to a value less than the set limit for password expiry.
- The new password cannot be the same as the last password.
- The password can only consist of numbers.
- When the existing organization enables the setting for password expiry, the expiry counter starts from the date of last password change.
Note: After the Password expiry duration, a pop-up window will be displayed to set a new password. The user will have to set a new password to be able to login.