Changing password policy

Article Number:02055
Intended audience: Kintone Users & System Administrators

You can establish a password policy to prevent users from setting weak passwords.
This page describes the steps to configure settings for the password policy and how to calculate the password expiration period.

Items that are applied to users

The following items are applied to users when they set their passwords in their "Account settings".

  • Minimum number of characters for the user password
  • Minimum number of characters for the administrator password
  • Password complexity
  • Allow users to use login name as password
  • Password reuse limit

When prohibiting users from changing their passwords

If you clear "Allow users to reset password", only Kintone Users & System Administrators can change users' password.
Even when Kintone Users & System Administrators change users' password, the password policy is not applied.
Consequences for password policy

Steps

  1. Click the gear-shaped menu button in the header.

  2. Click Users & System Administration.

  3. Click Login. Screenshot: "Login" is highlighted

  4. In the "Password policy" section, select the minimum length (characters) of user passwords. Screenshot: A field to specify the minimum number of characters for passwords is displayed

    • Minimum number of characters for the user password
      This setting is applied to all users except Kintone Users & System Administrators.
    • Minimum number of characters for the administrator password
      This setting is applied to Kintone Users & System Administrators.

  5. Select password complexity requirements. Screenshot: A field to specify the password complexity is displayed

  6. Specify whether to allow users to use their login names as their passwords.
    For security reasons, we recommend you not to enable this option.
    Screenshot: An option to allow or disallow users to use their login names as their passwords is displayed

  7. Set the password reuse limit.
    Set the number of previous passwords that cannot be reused when users change their password.
    Previous passwords include passwords that have been changed by both users and administrators.
    Screenshot: "Password reuse limit" is displayed

  8. Select a password expiration period.
    Password expiration period
    Screenshot: A field to specify the password expiration period is displayed

  9. Click Save.

Password expiration period

Notification of expiration date

When the number of days remaining before the password expires is five or less, a message appears on the page after login that displays the number of days remaining and prompts you to change the password.
However, if you are using the mobile app, you will not be notified of the number of days remaining before password expiration.

How to calculate password expiration period

The password expiration is calculated starting from the date and time when the user changed the password.

For example, assume that User A changed the password on March 1st at 10 AM.
Then, on March 25th, one of Kintone Users & System Administrators changed the setting of password expiration period to 30 days.
In this case, the password for User A will be valid from "March 1st, 10 AM" to "March 30th, 10 AM" which is 30 days after the start date.