Password Policies
Password policies require users to comply with a set of rules when creating or changing passwords.
The following guide outlines configurable password policies, mandatory password policies, and best practices for password management. The sections detailing configurable policies and mandatory policies only apply to native logins, since password policies for SSO logins are managed through identity providers.
Configurable Policies
Password policies can be configured through the Passwords API and the Socotra Insurance Suite UI by navigating to System Manager > Settings > Password Policy.
By default, password policies are set to the following values:
Minimum number of uppercase characters: 1
Minimum number of lowercase characters: 1
Minimum number of numbers: 1
Minimum number of special characters: 1
Minimum password length: 16
Maximum password length: 64
Password expiration duration: 90 days
Number of recently used passwords that cannot be reused: 4
Mandatory Policies
The following password policies are mandatory and are not configurable:
Passwords cannot be the same as the user’s email address or username.
Commonly used or easily guessed passwords may be automatically rejected.
Best Practices
For maximum security, Socotra highly recommends observing the following best practices for password management:
Avoid using commonly used or easily guessed passwords. Some examples include:
123456
Password
Password123
111111
qwerty
Dictionary words
Names
Dates
Companies
Passwords should include uppercase letters, lowercase letters, numbers, and special characters.
Passwords should be a minimum of 12 to 16 characters.
Require users to change their passwords every 30 to 90 days.
Never share your password with anyone.
Never write your password down.
Never reuse passwords, even across multiple websites.
If you suspect someone has access to your account, change your password immediately.
Consider using a secure password manager to help you adhere to these guidelines.