Password Policies in Salesforce

Password policies are security settings that control how user passwords are created and maintained. They let us enforce a strict, complex password pattern with automatic expiry. By default, Salesforce passwords expire in 90 days and the user cannot reuse the three previous passwords. Passwords must be at least 8 characters long and combine alphabetic and numeric characters. These defaults can be changed on the Password Policies settings page.

To change the Password Policies, perform the following steps:

1. Go to User name -> Setup -> Administration Setup -> Security Controls -> Password Policies.

2. Change the policies according to the requirements as shown in the following screenshot:

3. A message and help link can be provided for users in case they forget their password. If the system administrator forgets the password, it can be reset using the reset link sent by e-mail.

4. Click the ‘Save’ button to save the changes.

| Field | Description |
|---|---|
| User passwords expire in | The length of time until all user passwords expire and must be changed. Users with the “Password Never Expires” permission are not affected by this setting. The default is 90 days. This setting is not available for Self-Service portals. |
| Enforce password history | Save users’ previous passwords so that they must always reset their password to a new, unique password. Password history is not saved until you set this value. The default is 3 passwords remembered. You cannot select No passwords remembered unless you select Never expires for the User passwords expire in field. This setting is not available for Self-Service portals. |
| Minimum password length | The minimum number of characters required for a password. When you set this value, existing users aren’t affected until the next time they change their passwords. The default is 8 characters. |
| Password complexity requirement | The requirement for which types of characters must be used in a user’s password. Complexity levels: No restriction—allows any password value and is the least secure option. Must mix alpha and numeric—requires at least one alphabetic character and one number. This is the default. Must mix alpha, numeric, and special characters—requires at least one alphabetic character, one number, and one of the following characters: ! # $ % - _ = + < >. |
| Password question requirement | The values are Cannot contain password, meaning that the answer to the password hint question cannot contain the password itself; or None, the default, for no restrictions on the answer. The user’s answer to the password hint question is required. This setting is not available for Self-Service portals, Customer Portals, or partner portals. |
| Maximum invalid login attempts | The number of login failures allowed for a user before they become locked out. This setting is not available for Self-Service portals. |
| Lockout effective period | The duration of the login lockout. The default is 15 minutes. This setting is not available for Self-Service portals. Note: If users are locked out, they must wait until the lockout period expires. Alternatively, a user with the “Reset Passwords and Unlock Users” permission can unlock them by clicking Your Name -> Setup -> Manage Users -> Users, selecting the user, then clicking Unlock. This button is only available when a user is locked out. |
| Message | When set, this custom message appears in the Account Lockout email and at the bottom of the Confirm Identity screen for users resetting their passwords. You can customize it with the name of your internal help desk or a system administrator. For the lockout email, the message only appears for accounts that need an administrator to reset them. Lockouts due to time restrictions get a different system email message. |
| Help link | If set, this link displays with the text defined in the Message field. In the Account Lockout email, the URL displays just as it is typed into the Help link field, so the user can see where the link takes them. This is a security feature because the user is not within a Salesforce organization. On the Confirm Identity password screen, the Help link URL combines with the text in the Message field to make a clickable link. Security isn’t an issue since the user is in a Salesforce organization when changing passwords. Valid protocols: http, https, mailto: |
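
The length, complexity, history and hint-question rules from the table can be modelled locally, for instance to pre-check passwords in a provisioning script. The Python below is an added example, not Salesforce's code or part of the original post; the function names, the level names, the PBKDF2 history store and the case-insensitive hint check are assumptions.

```python
import hashlib
import hmac
import os

# Special characters from the table; the dash is assumed to be a plain hyphen.
SPECIALS = set("!#$%-_=+<>")
# Short names for the three complexity levels (names are this example's own).
LEVELS = ("none", "alphanumeric", "alphanumeric_special")


def remember(password, salt=None):
    """Return a (salt, digest) history entry; the plaintext is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def reused(password, history, remembered):
    """True if password matches one of the last `remembered` history entries."""
    recent = list(history)[-remembered:] if remembered else []
    return any(hmac.compare_digest(remember(password, salt)[1], digest)
               for salt, digest in recent)


def check_password(password, *, min_length=8, complexity="alphanumeric",
                   history=(), remembered=3, hint_answer=None):
    """Return the list of policy violations; an empty list means accepted."""
    if complexity not in LEVELS:
        raise ValueError(f"unknown complexity level: {complexity}")
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    has_alpha = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if complexity != "none" and not (has_alpha and has_digit):
        problems.append("needs a letter and a number")
    if complexity == "alphanumeric_special" and not SPECIALS & set(password):
        problems.append("needs a special character")
    if reused(password, history, remembered):
        problems.append("reuses a remembered password")
    # "Cannot contain password" option; case-insensitive match is an assumption.
    if password and hint_answer and password.lower() in hint_answer.lower():
        problems.append("hint answer contains the password")
    return problems
```

The keyword defaults mirror the defaults stated in the table: 8 characters, alpha plus numeric, 3 passwords remembered, and no restriction on the hint answer.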

Sample output for Help Link and Message:
