Setting the password security level

  • Marco9000

    Charles Nadeau For End Users, we're unable to find the CUSTOM setting for password security level! 6-chars as password minimum length is not acceptable for a "High" password profile, we need at least 8 chars... How to fix that?

  • Josh
    Zendesk Customer Care
    Hi Marco!
    Thank you for messaging us. The password length for "high" security is at minimum 6 only but they can extend it up to eight characters. Unfortunately, this cannot be altered so that the minimum would be eight for end-users.
  • Marco9000

    Hi Josh, thanks for your reply and for fixing this document!

    But the problem remains: We need a Custom setting for User-Agents as you originally documented here (but now corrected...). We chose Zendesk for this reason as well. Minimum length for a "High" security profile should be AT LEAST 8, not 6!!

    Looking at literature, I see that the time it takes for a hacker to crack a 6-character password is:

    Instantly (numbers only)
    Instantly (lower case letters)
    Instantly (upper and lowercase letters)
    1 second (Numbers, Upper and Lower case letters)
    5 seconds (Numbers, Upper and Lower case letters, symbols)

    Question: In the meantime, is it possible to have at least 2FA enabled for End Users? @...

  • Julia

    Hi @...,

    I would like to come back to the topic from Marco of not being able to set customer password requirements. Why does this feature not exist/can this be enabled? 6 characters is not a highly secure password.

    Also on the subject of 2FA, this would be important to have for end-users too.

  • Matt Newnham

    How long are passwords locked out after the set number of attempts?

  • Aubree
    Zendesk Customer Care

    Hello Matt,

    The lockout duration for the password should not last longer than 5 minutes.

  • mfg

    What happens when I increase the password complexity? I assume that when new accounts are created, they are simply held to the new requirements.

    However, for existing users - will they receive an email notification requesting that they update their password? Will they be prompted to update whenever they next log in to Zendesk?

    I don't want my users receiving notifications that could quite obviously look like phishing without first giving them a heads up that this kind of notification or website behavior is expected. I'm planning to communicate the change in advance and want to tell them what to expect.

  • Dave Dyson
    Zendesk Community Manager
    Hi Matthew, 
    Take a look at Changing the password security level in the article above -- I think this will address your question. I believe the notifications (email and when they log in) will occur after the 5-day expiration period elapses, not immediately. Hope that helps!
  • Chin Sin - OCBC

    Is there a way to set different password policies for different accounts?

    For example, a service account used for monitoring?

  • Jupete Manitas
    Hi Ong Chin Sin, thanks for writing in! 
    There is no native functionality that caters to different password policies directly. Users will share access or password security level. I recommend checking this consolidated guide about Zendesk sign-in settings. You mentioned the 'service account', assuming you have one user in your organization who will work as a service account and will access your Zendesk for security purposes. You may look into the API token - API tokens can be used by anyone on the account and aren't associated with specific users. More details can be checked here: Generating a new API token. Thank you!

