Security Policies - Password Policy | Admin Guide - Zoho One

Configure password policy

Passwords are the most commonly used authentication factor. Many users reuse the same, insecure password for all their online accounts, compromising their organization's security. To protect yourself from this common pitfall, make it mandatory for your users to create passwords that meet certain security standards.

In the web application

  1. Sign in to Zoho One, then click Directory in the left menu.
  2. Go to Security, click Security Policies, then click on the policy you want to configure.
  3. Go to Password Policy, then click Setup.
  4. Select from the three preset Password Strengths or choose Custom.
  5. If you choose Custom, set:

    PASSWORD COMPLEXITY

    Minimum length for a Password

    The minimum number of characters the password must have.

    Mixed Password

    When this is enabled, users have to set passwords with both upper and lower case characters.

    Minimum special characters

    The number of special characters the password must have.

    Minimum numeric digits

    The number of numeric characters the password must have.

    PASSWORD AGE

    Maximum password age

    The number of days users can use a password for.

    Minimum password age

    The duration that users must use a password before resetting it.

    Refusal of Previously Used Passwords

    The number of most recent passwords that users can't reuse.


  6. Click Update Policy.
To remove a password policy:
  1. Sign in to Zoho One, then click Directory in the left menu.
  2. Go to Security, then click Security Policies.
  3. Click on the policy for which you want to remove the password.
  4. Go to Password Policy, then click Remove Password Policy.
    Notes
    If a password policy is removed, the next policy having the top priority will be applied to the user. Check our help documentation to know more about policy priority
  5. Click Yes, Remove. The password policy will be removed and in order to enforce the newly prioritized user policy, you will need to reset all passwords.
    Info
    The maximum password age, minimum password age, and the refusal of previously used passwords will be effective immediately after the password priority is set and the older one is removed.