How do I set up my domain password policy?

Secure your users' information with greater control over password requirements.

Note: If you have set up Single Sign-On (SSO) for Buzz using SAML or CAS and checked the Prevent users from using Buzz credentials box, you aren't able to set up a password policy using Buzz.

To set your password policy:

  1. Open Domain Settings.
  2. Scroll to the Authentication-password policy card and complete its sections, which are described below.
  3. Save when you have finished.
    • Note: It may take up to 15 minutes to apply password-policy changes.

Policies and enforcement appear to users in the Change password screen.

Password lockout, expiration, and reset settings

As part of your password policy, you can control when users are locked out of their account, how lockouts work, if and when passwords expire, and how often users can reuse a previously used password.

You are asked to define:

  1. The Number of unsuccessful login attempts before lockout. This number must be between 1 and 100.
  2. The number of Minutes until lockout expires.
    • By default, lockouts don't expire, meaning admins must override them.
    • If you enter a number, it must be a positive, whole number.
  3. The number of Days until passwords expire. By default, passwords don't expire.
  4. The number of Days to wait before you can reuse a password. By default, there is no wait.
  5. The number of Days to wait before locking out stale accounts (accounts without login). By default, there is no lockout for stale accounts.

Volatile password-strength settings

Your Volatile password-strength settings are intended to help users secure their accounts. These are called volatile because future events can occur, making previously secure passwords no longer secure.

You are able to specify:

  1. The Minimum-allowed password strength (entropy). This is a numeric measure of how easily a password can be discovered in an attack; the greater the entropy number, the stronger the password. A strength of 64 or higher is recommended. Click Help me choose to learn more.
  2. Any Domain-specific words that weaken password strength. Here you can enter terms that users might be tempted to use, but would weaken the password (e.g., the name of the platform or the name of their school).
  3. The action you want Buzz to take when users have passwords that don't conform with your Volatile password-strength settings. Options include combinations of warnings or requirements users get when logging in or changing passwords:
    • None
    • Warn on password change
    • Require on password change
    • Warn on login and require on password change
    • Require on login and require on password change
  4. The desired level of Reject known-breached password enforcement. If the password appears in a database of compromised passwords, Buzz can be set up to take any of the following actions:
    • None
    • Warn on password change
    • Require on password change
    • Warn on login and require on password change
    • Require on login and require on password change

Basic password-strength settings

Your Basic password-strength settings include:

  1. The Minimum password length in characters. This number must be between 1 and 100.
  2. The Minimum character classes used, up to four (a-z, A-Z, 0-9, other).
  3. The action you want Buzz to take when users have passwords that don't conform with your Basic password-strength settings. Options include combinations of warnings or requirements users get when logging in or changing passwords:
    • None
    • Warn on password change
    • Require on password change
    • Warn on login and require on password change
    • Require on login and require on password change
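
The following is an added example, not Buzz code, that models how the Basic and Volatile settings above combine with the five enforcement options. The entropy formula, the symbol pool size of 33, and the outcome names `allow`, `warn`, and `require` are assumptions made for illustration; Buzz's own entropy calculation is not described on this page, so these scores are not comparable to its scale.

```python
import math
import string

# The five enforcement options on the policy card -> (result at login, result at change).
ACTIONS = {
    "None": ("allow", "allow"),
    "Warn on password change": ("allow", "warn"),
    "Require on password change": ("allow", "require"),
    "Warn on login and require on password change": ("warn", "require"),
    "Require on login and require on password change": ("require", "require"),
}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)

def class_sizes(password):
    """Pool size of each character class present (a-z, A-Z, 0-9, other)."""
    sizes = [len(cls) for cls in CLASSES if any(c in cls for c in password)]
    if any(c not in "".join(CLASSES) for c in password):
        sizes.append(33)  # assumption: printable ASCII symbols, including space
    return sizes

def basic_ok(password, min_length, min_classes):
    """Basic settings: minimum length and minimum number of character classes."""
    return len(password) >= min_length and len(class_sizes(password)) >= min_classes

def estimated_entropy(password, domain_words=()):
    """Simplified model (assumption): remaining length * log2(character pool),
    after removing domain-specific words, which contribute little guessing work."""
    sizes = class_sizes(password)
    remaining = password.lower()
    for word in domain_words:
        remaining = remaining.replace(word.lower(), "")
    return len(remaining) * math.log2(sum(sizes)) if sizes else 0.0

def enforce(action, event, conforms):
    """Outcome for event 'login' or 'change', given whether the password conforms."""
    if conforms:
        return "allow"
    at_login, at_change = ACTIONS[action]
    return at_login if event == "login" else at_change

if __name__ == "__main__":
    pw = "BuzzSchool2024"  # constructed sample password
    words = ("buzz", "school")  # constructed domain-specific words
    strong = estimated_entropy(pw, words) >= 64
    print(basic_ok(pw, 8, 3), round(estimated_entropy(pw)), round(estimated_entropy(pw, words)))
    print(enforce("Warn on login and require on password change", "login", strong))
```

In this model the sample password passes the Basic settings and scores above 64 on its own, but falls well below 64 once the two domain-specific words are listed, so the chosen action applies.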

Multi-factor authentication

Multi-factor authentication provides an additional layer of security for users by requiring them to use a second device with an authentication app to log into their account.

How do I enable multi-factor authentication (MFA) login for users?
