Password Policies

Enterprise Plus Account holders can define policies that their passwords, and those of sub-users, need to conform to.

To set up a password policy, open your account page from the app, then choose “Password Policy”, and click on “Create a Password Policy”

Create a Password Policy

The options are as follows:

Expiration Interval

How long a password will be valid before a new one must be created. This can be as short as 3 days or as long as a year.

Password Complexity

Create a Basic Set of rules - Create a policy with a simple interface of tickboxes.
Create a complex set of rules using regex – advanced users can use “Regular Expressions” to define more complex rules.

Basic Rules

Minimum and maximum length – how many characters a password can contain.
Policy Elements – requirements for the password. The last option: “Cannot contain SmartSurvey user information” stops the password from containing the user’s name or email address.

Complex Rules

Rules can be defined using the regex syntax. (If you don’t know what this means, don’t worry).

This allows users to create passwords with more complex rules such as more than one of a character type, positions of certain characters in the password, etc. If your organisation already has such a policy, then your IT department may be able to provide you with the regex code to use.

The lower box allows you to enter the error message shown when a user enters a non-conforming password.

Applying the Policy

Where an expiration has been set, there will be an option to force users to create new passwords on their first login after the policy has been applied.

Once you've defined the policy to your satisfaction, click "apply policy" to apply it.

Rules defined using this feature are in addition to rules applied to all SmartSurvey passwords such as prohibiting the use of common insecure passwords like “password”, “pa55word”, “12345678”, etc.

Was this guide helpful?