🇪🇸 Español 🇬🇧 English 🇧🇷 Português

Password policy: minimum length and required complexity

Set minimum length and complexity rules for every password used across your organization.

Jul 11, 2026

What it is

The password policy lets you enforce a minimum security bar for every password used across your organization: minimum length, plus optional requirements for uppercase letters, numbers, and special characters. It's an organization-wide setting, not per-user — it applies to every member.

Requirements

  • Owner or Admin role (the settings.manage permission).

Steps

  1. Go to Settings > Security.
  2. Find the Password Policy section.
  3. Set the minimum length (between 6 and 128 characters).
  4. Toggle Require uppercase, Require numbers, and Require special characters as needed.
  5. Click Save changes.

Configuration

Field Values Default
Minimum length 6–128 characters 8
Require uppercase On/Off On
Require numbers On/Off On
Require special characters On/Off Off

Example

You want passwords to be at least 10 characters long, include an uppercase letter and a number, but you don't want to force special characters to keep adoption smooth. Set minimum length to 10, turn on uppercase and numbers, leave special characters off, and save.

Tips

  • Raise the bar gradually — jumping from 8 to 12 characters overnight can generate support tickets if your team isn't used to it.
  • Pair this policy with mandatory two-factor authentication for stronger protection overall.

Troubleshooting

  • A user can't save their new password: check it meets every active requirement (length, uppercase, number, special character as applicable) — the form shows exactly which rule failed.
  • I changed the policy but existing passwords didn't change: the policy applies going forward, whenever someone creates or changes a password — it does not force an automatic retroactive reset.
Was this helpful?

Related articles