The Password Policies screen allows you to define and enforce secure password rules for both users and administrators. These rules help you strengthen account protection, support compliance frameworks, and reduce the risk of unauthorized access.
📍 To access this screen, go to Users & Teams → Password Policies from the left-side menu.
You can configure two predefined policies:
| Policy Name | Applies To |
|---|---|
| Policy for All Administrators | All Timus Manager portal admins |
| Policy for All Users | All standard user accounts managed in Timus |
These policies only apply to accounts managed directly within Timus. Users authenticated via external identity providers—such as Microsoft Entra ID, Okta, or Google Workspace—are governed by the password rules set in those platforms.
Edit a Password Policy
Click Edit next to a policy to open the configuration form. Each policy includes multiple rule options you can enable or adjust based on your organization’s security standards.
Available Password Rules
| Rule | Description |
|---|---|
| Minimum character length | Set the minimum number of total characters required. |
| Minimum lowercase letters | Require a minimum number of lowercase (a–z) characters. |
| Minimum uppercase letters | Require a minimum number of uppercase (A–Z) characters. |
| Minimum digits (0–9) | Require numeric digits in the password. |
| Minimum special characters | Require symbols such as !@#$%&*+. |
| Maximum consecutive digits | Prevent sequences like 1234 or 0000. |
| Cannot use commonly used passwords | Blocks popular weak passwords (e.g., password123, admin2024) |
| Cannot contain keywords | Allows you to define specific words (like company name or brand) that cannot appear in passwords. |
| Cannot contain email prefix | Prevents using the part of the user’s email before @. |
| Cannot contain first name | Blocks use of the user’s first name in their password. |
| Cannot contain last name | Blocks use of the user’s last name in their password. |
| Password expiration period | Forces password renewal after a defined number of days. |
Once saved, changes apply to all newly created, updated, or reset passwords. Existing passwords remain valid until changed or expired.
✅ Best Practices
- Always enable "Cannot use commonly used passwords" to prevent predictable passwords.
- Use a balanced mix of lowercase, uppercase, numbers, and symbols.
- Set a reasonable expiration period (e.g., 90 days) to reduce long-term exposure.
- Use the "Cannot contain keywords" rule to block sensitive internal terms (e.g., company name, product name).
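
To try out candidate rule values before saving a policy, the rules in the Available Password Rules table can be modelled offline. The following is an added example, not Timus code: the `Policy` field names, the default values and the sample identity are hypothetical, and the matching semantics (case-insensitive substrings, longest digit run, what counts as a special character) are assumptions marked in the comments. Password expiration is time-based and is left out.

```python
import re
from dataclasses import dataclass, field

# Constructed sample entries; the list Timus actually checks is not on this page.
COMMON_PASSWORDS = {"password123", "admin2024"}

@dataclass
class Policy:
    # Hypothetical field names mirroring the rule table; the values are examples.
    min_length: int = 12
    min_lower: int = 1
    min_upper: int = 1
    min_digits: int = 1
    min_special: int = 1
    max_consecutive_digits: int = 3
    block_common: bool = True
    keywords: list = field(default_factory=list)
    block_email_prefix: bool = True
    block_first_name: bool = True
    block_last_name: bool = True

def violations(pw, policy, email="", first="", last=""):
    """Return the names of the rules a candidate password breaks."""
    minimums = [
        ("Minimum character length", len(pw), policy.min_length),
        ("Minimum lowercase letters", len(re.findall(r"[a-z]", pw)), policy.min_lower),
        ("Minimum uppercase letters", len(re.findall(r"[A-Z]", pw)), policy.min_upper),
        ("Minimum digits", len(re.findall(r"[0-9]", pw)), policy.min_digits),
        # Assumption: any character that is not an ASCII letter or digit is "special".
        ("Minimum special characters", len(re.findall(r"[^A-Za-z0-9]", pw)), policy.min_special),
    ]
    failed = [rule for rule, have, need in minimums if have < need]
    # Assumption: the rule limits the longest unbroken run of digit characters.
    longest_run = max((len(run) for run in re.findall(r"[0-9]+", pw)), default=0)
    if longest_run > policy.max_consecutive_digits:
        failed.append("Maximum consecutive digits")
    low = pw.lower()
    if policy.block_common and low in COMMON_PASSWORDS:
        failed.append("Cannot use commonly used passwords")
    # Assumption: substring checks are case-insensitive. Empty terms are skipped,
    # otherwise a blank name field would match every password.
    banned = [("Cannot contain keywords", k) for k in policy.keywords]
    if policy.block_email_prefix:
        banned.append(("Cannot contain email prefix", email.split("@")[0]))
    if policy.block_first_name:
        banned.append(("Cannot contain first name", first))
    if policy.block_last_name:
        banned.append(("Cannot contain last name", last))
    for rule, term in banned:
        if term and term.lower() in low and rule not in failed:
            failed.append(rule)
    return failed
```

Calling `violations("Acme-Jdoe-2024!x", Policy(keywords=["acme"]), email="jdoe@example.com", first="Jane", last="Doe")` shows how a password that satisfies every character-class minimum can still break the digit-run, keyword, email-prefix and last-name rules at once.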