Specifying Password Complexity and Password Expiration Period

Article Number:02055

You can configure the settings such as password complexity and password expiration in the password policy section.
It is recommended to establish a password policy before starting operation so that users will not choose weak passwords during password configuration.

Procedure

  1. Click gear shaped administration menu icon in the header.

  2. Click Users & System Administration.
    Accessing Kintone Users & System Administration

  3. Click Login. Screenshot: "Login" is highlighted

  4. In the "Password Policy" section, select the minimum length (characters) of user passwords. Screenshot: A field to specify the minimum number of characters for passwords is displayed

    • Minimum Number of Characters for the User Password
      This setting is applied to all users except Kintone Users & System Administrators.
    • Minimum Number of Characters for the Administrator Password
      This setting is applied to Kintone Users & System Administrators.

  5. Select password complexity requirements. Screenshot: A field to specify the password complexity is displayed

  6. Specify whether to allow users to use their login names as their passwords.
    For security reasons, we recommend you not to enable this option.
    Screenshot: An option to allow or disallow users to use their login names as their passwords is displayed

  7. Select the number of times the same password can be used.
    Specify the number of times a password must be changed before an old password can be reused.
    The number of password changes includes changes by the user and by administrators.
    Screenshot: A field to specify password reuse limit is displayed

  8. Select the lifetime of a password.
    Password Expiration Period
    Screenshot: A field to specify the password expiration is displayed

  9. Click Save.

Password Expiration Period

Notes

If users are not allowed to change their passwords, password expiration setting is not applied.

Notification of expiration date

When the number of days remaining before the password expires is five or less, a message appears on the page after login that displays the number of days remaining and prompts you to change the password.
However, if you are using the mobile app, you will not be notified of the number of days remaining before password expiration.

How to calculate password expiration period

The password expiration period is calculated starting from the date and time when the user changed the password.

For example, assume that User A changed the password on March 1st at 10 AM.
Then, on March 25th, Kintone Users & System Administrator changed the password expiration setting to 30 days.
In this case, the password for User A will be valid from "March 1st, 10 AM" to "March 30th, 10 AM" which is 30 days after the start date.