
# Password Policy

Zuper allows administrators to define a password policy for their organization to ensure enhanced security. By setting a firm password policy, you can encourage users to create robust passwords that protect sensitive data and maintain the integrity of your workspace.

<Frame>
  **Navigation**: *Settings -> Security -> Password Policy*
</Frame>

## **Prerequisites**

* You must have administrative access to the Zuper platform.
* Ensure you are logged into your Zuper account with the appropriate permissions.

## **Navigate to the Security Settings**

* Log in to your Zuper account.
* Select the “**Security**” module from the left-hand navigation menu.
* In the Security module, click **Password Policy**. This section allows you to define the rules for password creation within your organization.

<img src="https://mintcdn.com/zuperinc-section23/y5hXPfWCnlyuW3Rc/images/Passpolicy1.png?fit=max&auto=format&n=y5hXPfWCnlyuW3Rc&q=85&s=225008d56e874f8df953972b1406fe69" alt="Passpolicy1 Pn" width="1918" height="861" data-path="images/Passpolicy1.png" />

## **Configure Password Complexity**

* In the Password Policy section, you can see a dropdown labelled Password complexity. You can set the complexity to Low, Medium, or High. If you select Custom, you can define specific requirements for passwords.

<img src="https://mintcdn.com/zuperinc-section23/y5hXPfWCnlyuW3Rc/images/Passpolicy3.png?fit=max&auto=format&n=y5hXPfWCnlyuW3Rc&q=85&s=e2a21ed98d5881947cbc56e8193a9ab6" alt="Passpolicy3 Pn" width="1902" height="870" data-path="images/Passpolicy3.png" />

Below the dropdown, there are several options to customize the password policy. Check the boxes for the rules you want to enforce:

* **Minimum length**: Set the minimum number of characters required for a password. For example, you can set it to **8 characters** (recommended for better security).
* **Cannot contain the username or email address**: Enable this option to prevent users from including their username or email address in their password, reducing the risk of predictable passwords.
* **Password expires in**: Specify a duration after which passwords will expire, prompting users to create a new one. For example, set it to **30 days**.
* **Should have at least one alphabet and number**: Enable this to ensure passwords include a mix of letters and numbers.
* **Should have at least one uppercase and lowercase**: Enable this to require both uppercase and lowercase letters in passwords.
* **Should have at least one special character (such as # \$ @, etc)**: Enable this to mandate the inclusion of special characters for added complexity.

<img src="https://mintcdn.com/zuperinc-section23/y5hXPfWCnlyuW3Rc/images/Passpolicy2.png?fit=max&auto=format&n=y5hXPfWCnlyuW3Rc&q=85&s=7778e62ca987a41e7fe75c5eee44ed91" alt="Passpolicy2 Pn" width="1909" height="873" data-path="images/Passpolicy2.png" />

After configuring the settings, click the **Save** button at the top right of the screen to apply the new password policy.

## **Best Practices for a Strong Password Policy**

* **Set a Reasonable Minimum Length**: A minimum of 8 characters is a good starting point, but consider increasing it to 12 or more for higher security.
* **Enforce Variety**: Requiring a mix of uppercase, lowercase, numbers, and special characters makes passwords harder to crack.
* **Avoid Predictable Information**: Preventing the use of usernames or email addresses in passwords reduces the risk of guessable passwords.
* **Regular Password Expiry**: Setting an expiration period (e.g., 30 or 90 days) ensures users update their passwords periodically, reducing the risk of compromised credentials.
* **Educate Users**: Inform your team about the importance of creating strong, unique passwords and avoiding reuse across different platforms.

## **Troubleshooting**

* **Users Unable to Set Passwords**: If users encounter issues while setting passwords, ensure they follow the defined policy (e.g., meeting the minimum length or including required characters).
* **Policy Not Applied**: If the new policy doesn’t take effect, double-check that you clicked **Save** after making changes. You may also need to log out and log back in to see the updated settings.
* **Forgotten Passwords**: If a user forgets their password, they can use the “Forgot Password” option on the login page to reset it, provided this feature is enabled in your Zuper workspace.
