Setting the password security level

Return to top

10 Comments

  • Marco9000

    Charles Nadeau For End Users, we're unable to find the CUSTOM setting for password security level! 6-chars as password minimum length is not acceptable for a "High" password profile, we need at least 8 chars... How to fix that?

    0
  • Josh
    Zendesk Customer Care
    Hi Marco!
     
    Thank you for messaging us. The password length for "high" security is at minimum 6 only but they can extend it up to eight characters. Unfortunately, this cannot be altered that the minimum would be eight for end-users.
    0
  • Marco9000

    Hi Josh, thanks for your reply and for fixing this document!

    But the problem remains: We need Custom setting for User-Agents as you originally documented here (but now corrected...). We chose Zendesk for this reason as well.  Minimum length for a "High" security profile should be AT LEAST 8, not 6!!

    Looking at literature, I see that the time it takes for a hacker to crack a 6-characters password is:

    Instantly (number only)
    Instantly (lower case letters)
    Instantly (upper and lowercase letters)
    1 second (Numers, Upper and Lower case letters)
    5 seconds (Numers, Upper and Lower case letters, symbols)

    Question: In the meantime, is it possible to have at least 2FA enabled for End Users? @...

    0
  • Julia

    Hi @...,

    I would like to come back to the topic from Marco of no being able to set customer password requirements. Why does this feature not exist/can this be enabled? 6 characters is not high secured password.

    Also on the subject of 2FA, this would be important to have for end-users too.

    0
  • Matt Newnham

    How long are passwords locked out after the set number of attempts?

    0
  • Aubree
    Zendesk Customer Care

    Hello Matt,

    The lockout duration for the password should not last longer than 5 minutes.

    0
  • mfg

    What happens when I increase the password complexity? I assume that when new accounts are created, they are simply held to the new requirements.

    However for existing users - will they receive an email notification requesting that they update their password? Will they prompted to update whenever they next log in to Zendesk?

    I don't want my users receiving notifications that could quite obviously look like phishing without first giving them a heads up that this kind of notification or website behavior is expected. I'm planning to communicate the change in advance and want to tell them what to expect.

    0
  • Dave Dyson
    Zendesk Community Manager
    Hi Matthew, 
     
    Take a look at Changing the password security level in the article above -- I think this will address your question. I believe the notifications (email and when they log in) will occur after the 5-day expiration period elapses, not immediately. Hope that helps!
     
    0
  • Chin Sin - OCBC

    Hi,

    Is there a way to set different password policies for different account?

    For example, service account used for monitoring?

    0
  • Jupete Manitas
    Zendesk Customer Care
    Hi Ong Chin Sin, thanks for writing in! 
     
    There is no native functionality that caters to different password policies directly. Users will share access or password security level. I recommend checking this consolidated guide about Zendesk sign-in settings. You mentioned the 'service account', assuming you have one user in your organization who will work as a service account and will access your zendesk for security purposes. You may look into the API token - API tokens can be used by anyone on the account and aren't associated with specific users. More details can be checked here Generating a new API token. Thank you!
    0

Please sign in to leave a comment.

Powered by Zendesk