Overview
You can establish a strict password policy that requires users to meet certain conditions when creating a password, such as a minimum password length, a minimum number of digits and symbols, mixed case, and a limit on consecutive repeated characters.
Prerequisites
- To edit any of the security and user registration settings, you will need an administrator account with the 'Manage system configuration' permission.
- Learn more about how Kayako safeguards your data on our product security page.
- Scale or Enterprise plans are required for configuring password policies. It's not available on Inbox and Growth price plans. If you wish to upgrade your price plan to get this option, please contact the Sales Department by sending an email to Sales@kayako.com.
Diagnosis
Your organization may want to control user access by defining custom password requirements that prevent your users from choosing weak passwords or common words.
Weak passwords can pose a security risk to any application, so it's best to define strict password policies to reduce the use of common or easy-to-crack passwords. As mentioned above, this option is available on Scale or Enterprise plans only.
NOTE: If you are not on the Scale or Enterprise plans, you will only see the 'Help Center content' tab under the 'Security policies' configuration. The 'Agents' and 'Customers' tabs will not be displayed.
Solution
Setting Password Policies for Customers and Agents
Follow these steps to configure password policies for your Kayako users:
- Sign in to the admin area.
- Click on Security policies in the sidebar.
- Choose either the 'Agents' or 'Customers' tab at the top. The configuration options will be the same for both types of users.
- In the 'Password policy' section, set the following options as needed:
  - Set the minimum length for your passwords by entering a number of characters in the Minimum password length field.
  - To require one or more numbers in every password, enter '1' or greater in the Minimum numbers field.
  - To require one or more symbols in every password, enter the number of symbols to require in the Minimum symbols field.
  - To require at least one lowercase and one uppercase letter in every password, select 'Yes' from the Require a mixed case dropdown.
  - To prevent too many consecutive characters in your passwords, enter the number of repeats you'll allow in the Maximum consecutive characters field. For example, if you enter '2' here, your users won't be able to use 'sssecret' as a password since it contains three (3) consecutive 's' characters.
- When you're satisfied with your policy setup, click the Save button.
Confirmation
When a user creates or changes their password, the password must meet the requirements specified in the configuration, which are also displayed on the password reset screen. As the user types the new password in the password reset field, the check marks turn green once the requirements are satisfied.
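To preview how a combination of these five settings treats candidate passwords before you save it, the sketch below evaluates each requirement separately, in the same spirit as the reset-screen checklist. It is an added example, not Kayako's code: the field names, the definition of a "symbol" and the treatment of 0 as "no limit" are assumptions, and the sample passwords are constructed.

```python
from dataclasses import dataclass
from itertools import groupby


@dataclass
class PasswordPolicy:
    # Hypothetical field names mirroring the five options in the admin form.
    min_length: int = 8
    min_numbers: int = 0
    min_symbols: int = 0
    require_mixed_case: bool = False
    max_consecutive: int = 0  # assumption: 0 means "no limit"


def check_password(password: str, policy: PasswordPolicy) -> dict:
    """Return a per-requirement pass/fail map for one candidate password."""
    digits = sum(ch.isdigit() for ch in password)
    # Assumption: a symbol is any character that is not a letter, digit or whitespace.
    symbols = sum(not ch.isalnum() and not ch.isspace() for ch in password)
    # Longest run of one repeated character, e.g. 3 for 'sssecret'.
    longest_run = max((len(list(g)) for _, g in groupby(password)), default=0)
    has_lower = any(ch.islower() for ch in password)
    has_upper = any(ch.isupper() for ch in password)
    return {
        "min_length": len(password) >= policy.min_length,
        "min_numbers": digits >= policy.min_numbers,
        "min_symbols": symbols >= policy.min_symbols,
        "mixed_case": not policy.require_mixed_case or (has_lower and has_upper),
        "max_consecutive": policy.max_consecutive <= 0
        or longest_run <= policy.max_consecutive,
    }


def failed_requirements(password: str, policy: PasswordPolicy) -> list:
    """Names of the requirements the password does not meet, in form order."""
    return [name for name, ok in check_password(password, policy).items() if not ok]


if __name__ == "__main__":
    policy = PasswordPolicy(min_length=10, min_numbers=1, min_symbols=1,
                            require_mixed_case=True, max_consecutive=2)
    # Constructed sample passwords, including the 'sssecret' case from the steps above.
    for candidate in ["sssecret", "Secret-Pass1", "Passsword!9x"]:
        print(candidate, failed_requirements(candidate, policy) or "OK")
```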