| Announced on | Rollout starts | Rollout ends |
| May 28, 2026 | August 17, 2026 | August 31, 2026 |
Zendesk is updating the password policy requirements for team members to ensure all accounts meet current security best practices. As part of this update, legacy password security levels will be removed to provide a more streamlined and secure authentication experience.
This announcement includes the following topics:
What's changing?
- Zendesk is removing the legacy password security levels: Low, Medium, and High for team member authentication. This change does not affect end-user authentication.
- Accounts using these legacy security levels must migrate to either the Recommended password security level or a Custom password policy.
- Starting August 17, 2026, any account still using a legacy password security level will be automatically migrated to the Recommended level.
-
Certain custom password policy settings are being updated to align with new standards. If your current settings fall into a legacy range, you must update them before rollout starts on August 17, 2026 to prevent a forced password reset.
Password policy setting Current legacy range New required range Minimum length 5-13 characters 12-20 characters Failed attempts until lockout 3-10 attempts 5-10 attempts Passwords can resemble email Allowed Not allowed
Accounts using weaker legacy configurations will require team members to reset their passwords to comply with the updated policy.
Why is Zendesk making this change?
Legacy password security levels no longer meet modern security standards and expose accounts to increased risk. Outdated lengths, weak lockout thresholds, and predictable passwords make accounts vulnerable to unauthorized access and credential attacks.
Updating these password policy settings ensures all Zendesk accounts are protected by strong, industry-standard authentication rules. While you can still use a Custom policy, switching to the Recommended security level aligns your account with evolving security protections, preventing forced password resets during future policy updates.
What do I need to do?
Update your team member password policy before August 17, 2026.
- Select the Recommended security level: Preferred for long-term compatibility with ongoing security enhancements.
- Select the Custom password policy: Use if your organization has specific requirements. Note that further changes to Custom policy settings may require additional password resets in the future.
If you take no action by August 17, 2026, your account will migrate automatically to the Recommended password security level, and all team members will be prompted to reset their passwords upon their next sign-in.
For more information and instructions on updating your settings, see Changing the password security level.
If you have feedback or questions related to this announcement, visit our community forum, where we collect and manage customer product feedback. For general assistance with your Zendesk products, contact Zendesk Customer Support.