Set password policies and session duration

As an admin, you can enhance security by setting password requirements and managing session durations. Define criteria for creating strong passwords and control how long users stay logged in after inactivity, ensuring both protection and convenience.

See how it looks

Key features

• Define a minimum number of characters in a password
• Enforce whether a password must be different from a number of previous ones
• Specify which characters must be included in a password
• Configure password expiry
• Set a period of inactivity, after which users are logged out automatically

You need this to succeed

Do this step by step

1. Log in to the Admin App and click the gear icon to open Settings.
2. Select Security from the left side menu.
3. In the Authentication section, click Password Requirements to reveal the password policy options. See the password policy table for policy descriptions. Check the boxes next to the policies you want to enable. Then, set any additional settings if needed. Click Save when done.
   
   Passwords created or updated by users will be automatically validated against the set policies.
   
   

   Password policy	Description
   Passwords must not include the company name.	Always enabled.
   Passwords must not include the user's first name or last name	Always enabled.
   Passwords must be at least X characters long	Always enabled. Set a number of characters between 6 and 255.
   New passwords must be unique over the last X month(s).	Enable this option to prevent users from reusing recent passwords within a specific timeframe. Select a period of time between 1 month and 6 months.
   New passwords must be different than the previous X passwords	Enable this option to prevent users from reusing recent passwords. Select a number of previous passwords between 1 and 5.
   Passwords expire after X days	Enable this option to encourage users to refresh their passwords. Select a period of 30, 60, or 90 days. Users will need to reset their password at the set interval by entering the old password and a new password, different from the previous one.
   Passwords must include: At least 1 letter At least 1 number At least 1 lower case letter At least 1 upper case letter At least 1 special character (non-alphanumeric)	Enable one or more character requirements to align with your organization’s security policies and make passwords more resistant to common attacks.

4. In the Access section, click Access Management to reveal the Session Duration options. You can select the following options to set an automatic logout timeframe for users of the mobile apps and the Web App.
   
   • Default: Users will stay logged in until these session time limits: 24 hours for the Web App, 2 weeks for the Showpad Plugins and Windows Desktop App, and indefinitely for the Mobile App.
     
     On the Web App, users are automatically logged out after 24 hours of inactivity. However, if they select the Remember Me option on the login screen of the Web App, they will stay logged in for 2 weeks of inactivity.
   • Custom: Users will be automatically logged out after the selected hours of inactivity, except for the Windows Desktop App and the Outlook or Gmail plugins, which follow the default time limits mentioned above. However, if users select the Remember Me option on the login screen of the Web App, they will stay logged in for 2 weeks of inactivity.
5. Click Save.

Note:  These settings also apply when using Single Sign-On (SSO) with Showpad. However, the Remember Me option is unavailable for users when using SSO.