Changing Password Policy
You can establish a password policy to prevent users from setting weak passwords.
This page describes the steps to configure settings for the password policy and how to calculate the password expiration period.
Items That Are Applied to Users
The following items are applied to users when they set their passwords in their "Account Settings".
- Minimum Number of Characters for the User Password
- Minimum Number of Characters for the Administrator Password
- Password Complexity
- Allow users to use login name as password
- Password Reuse Limit
When Prohibiting Users from Changing Their Passwords
If you clear "Allow users to reset password", only Kintone Users & System Administrators can change users' password.
Even when Kintone Users & System Administrators change users' password, the password policy is not applied.
Consequences for password policy
Steps
-
Click the gear-shaped menu button in the header.
-
Click Users & System Administration.
-
Click Login.
-
In the "Password Policy" section, select the minimum length (characters) of user passwords.
- Minimum Number of Characters for the User Password
This setting is applied to all users except Kintone Users & System Administrators. - Minimum Number of Characters for the Administrator Password
This setting is applied to Kintone Users & System Administrators.
- Minimum Number of Characters for the User Password
-
Select password complexity requirements.
-
Specify whether to allow users to use their login names as their passwords.
For security reasons, we recommend you not to enable this option.
-
Set the password reuse limit.
Set the number of previous passwords that cannot be reused when users change their password.
Previous passwords include passwords that have been changed by both users and administrators.
-
Select a password expiration period.
Password Expiration Period
-
Click Save.
Password Expiration Period
Notification of expiration date
When the number of days remaining before the password expires is five or less, a message appears on the page after login that displays the number of days remaining and prompts you to change the password.
However, if you are using the mobile app, you will not be notified of the number of days remaining before password expiration.
How to calculate password expiration period
The password expiration is calculated starting from the date and time when the user changed the password.
For example, assume that User A changed the password on March 1st at 10 AM.
Then, on March 25th, one of Kintone Users & System Administrators changed the setting of password expiration period to 30 days.
In this case, the password for User A will be valid from "March 1st, 10 AM" to "March 30th, 10 AM" which is 30 days after the start date.