Being able to define password policies that all users need to conform to is a distinct advantage of the Enterprise Plus Account.
Create a Password Policy
- In the Account drop-down menu select My Account
- Select Password Policy under Security from menu on left
- Click Create a Password Policy
- Expiration Interval drop-down menu allows you to set an expiry date for the password - from 3 days to 12 months
- User Settings - when the Expiration Interval is applied there will be an added option to Force all users to update password on next login
- Password Complexity
- Create a basic set of rules - create a policy with a simple interface of tickboxes
- Create a complex set of rules using regex - 'Regular Expressions' allows advanced users to define more complex rules
- Minimum and Maximum Length - the number of characters a password can contain
- Policy Elements - requirements for the password (the last option, Password cannot contain SmartSurvey user information, stops the password from containing the user's name or email address)
Complex Rules
Rules can be defined using the regex syntax (for the advanced user only).
- Regex Expression - allows advanced users to create passwords with more complex rules such as more than one of a character type, positions of certain characters in the password, etc. If your organisation already has such a policy, your IT department may be able to provide you with the regex code to use
- Description when failed (Optional) - allows you to enter a customised error message when a user enters a non-conforming password
Applying the Policy
Once you've defined the policy to your satisfaction, click Apply Policy to apply it.
Rules defined using this feature are in addition to rules applied to all SmartSurvey passwords such as prohibiting the use of common insecure passwords like 'password', 'pa55word', '12345678', etc.