Setting the password security level




Charles Nadeau

Zendesk Documentation Team

Edited Oct 17, 2024


16 comments

Charles Nadeau For End Users, we're unable to find the CUSTOM setting for password security level! 6-chars as password minimum length is not acceptable for a "High" password profile, we need at least 8 chars... How to fix that?


Josh

Zendesk Customer Care

Hi Marco!
 
Thank you for messaging us. The password length for "high" security is at minimum 6 only but they can extend it up to eight characters. Unfortunately, this cannot be altered so that the minimum would be eight for end users.


Hi Josh, thanks for your reply and for fixing this document!

But the problem remains: We need Custom setting for User-Agents as you originally documented here (but now corrected...). We chose Zendesk for this reason as well.  Minimum length for a "High" security profile should be AT LEAST 8, not 6!!

Looking at literature, I see that the time it takes for a hacker to crack a 6-character password is:

Instantly (numbers only)
Instantly (lower case letters)
Instantly (upper and lowercase letters)
1 second (Numbers, Upper and Lower case letters)
5 seconds (Numbers, Upper and Lower case letters, symbols)

Question: In the meantime, is it possible to have at least 2FA enabled for End Users? @...
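
To put the 6-versus-8 character argument in the comment above into numbers, here is an added example (not from the article, the commenter or Zendesk) that computes the full keyspace and worst-case exhaustive-search time for each character set, and the minimum length needed to reach a target. The character-set sizes and the guessing rate are assumptions; the rate models offline guessing against a leaked hash, since online guessing is limited by lockout.

```python
# Added example: keyspace and worst-case search time per password policy.
# CHARSETS sizes and ASSUMED_RATE are assumptions, not figures from the page.

CHARSETS = {
    "numbers only": 10,
    "lower case letters": 26,
    "upper and lower case letters": 52,
    "numbers, upper and lower case": 62,
    "numbers, upper, lower, symbols": 95,  # all printable ASCII, space included
}

ASSUMED_RATE = 1e11  # guesses per second, assumed offline attacker


def keyspace(charset_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def worst_case_seconds(charset_size, length, rate=ASSUMED_RATE):
    """Time to try every password of this length at `rate` guesses/second."""
    return keyspace(charset_size, length) / rate


def min_length_for(charset_size, target_seconds, rate=ASSUMED_RATE):
    """Smallest length whose full keyspace takes at least `target_seconds`."""
    needed = target_seconds * rate
    length = 1
    while keyspace(charset_size, length) < needed:
        length += 1
    return length


def compare(lengths=(6, 8)):
    """One row per character set: (name, seconds at each length)."""
    return [
        (name, *[worst_case_seconds(size, n) for n in lengths])
        for name, size in CHARSETS.items()
    ]


if __name__ == "__main__":
    year = 365 * 24 * 3600
    for name, t6, t8 in compare():
        size = CHARSETS[name]
        print(f"{name:32s} 6: {t6:10.3g} s   8: {t8:10.3g} s   "
              f"length for 1 year: {min_length_for(size, year)}")
```

Going from 6 to 8 characters multiplies the search space by the square of the character-set size (9025 times for the 95-character set), which is why the minimum length matters more than the label on the policy.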


Hi @...,

I would like to come back to the topic from Marco of not being able to set customer password requirements. Why does this feature not exist/can this be enabled? 6 characters is not a highly secure password.

Also on the subject of 2FA, this would be important to have for end-users too.


How long are passwords locked out after the set number of attempts?


Aubree

Zendesk Customer Care

Hello Matt,

The lockout duration for the password should not last longer than 5 minutes.


What happens when I increase the password complexity? I assume that when new accounts are created, they are simply held to the new requirements.

However, for existing users - will they receive an email notification requesting that they update their password? Will they be prompted to update whenever they next log in to Zendesk?

I don't want my users receiving notifications that could quite obviously look like phishing without first giving them a heads up that this kind of notification or website behavior is expected. I'm planning to communicate the change in advance and want to tell them what to expect.


Hi Matthew, 
 
Take a look at Changing the password security level in the article above -- I think this will address your question. I believe the notifications (email and when they log in) will occur after the 5-day expiration period elapses, not immediately. Hope that helps!
 


Hi,

Is there a way to set different password policies for different accounts?

For example, a service account used for monitoring?


Jupete Manitas

Zendesk Customer Care

Hi Ong Chin Sin, thanks for writing in! 
 
There is no native functionality that caters to different password policies directly. Users will share access or password security level. I recommend checking this consolidated guide about Zendesk sign-in settings. You mentioned the 'service account', assuming you have one user in your organization who will work as a service account and will access your Zendesk for security purposes. You may look into the API token - API tokens can be used by anyone on the account and aren't associated with specific users. More details can be checked here: Generating a new API token. Thank you!


Some of our agents use SSO while others do not.  The SSO option on our account is turned on.

Does this mean the resetting password email does not work?

Thanks


Cheeny Aban

Zendesk Customer Care

Hi Pete Ng, 

It depends. If you have Zendesk authentication and SSO enabled, your agents have the option to log in via SSO or their user name and password. That said, if you are referring to their Zendesk email and password, resetting the password will allow them to log in. You may also check by going to Admin Center > Team Member authentication.

I hope that helps!
 


When will Custom Password Security Levels be available for End Users (Customers)?

Currently this security level is available only for agents and admins.


We need to be able to create custom password settings for end users. A 6-character minimum is not secure and is extremely outdated. Additionally, it does not comply with our security program.


Hi, can you please add to this article what the security password policies are for Low, Medium, and High? Currently this article only displays the policy definition for “Recommended”.

Thanks!


Kristie Sweeney

Zendesk Documentation Team

Thanks for your suggestion Lauren Mulkern, I will run this past the team! We encourage customers to switch to the Recommended policy because it is more secure, and therefore, we decided not to include details about the older, less secure policies. However, you can see the details of the older policies when they are selected in the Team member authentication and End user authentication pages in Admin Center. Note that if you change the security level from Low, Medium, or High to either Recommended or Custom, you can't revert back.
