By default, QBank only enforces a minimum length on account passwords. QBank is however fully capable of supporting the common password requirements. After activating the password policy in your QBank, you can define:
- Minimum and maximum length
- Minimum and maximum age, i.e. the minimum duration a password must be used before you can change it, as well as the maximum duration a password can be used before you have to change it
- Character types, make sure a password contains at least one lower case/upper case/number/special character
- Prevent reuse, i.e. make sure a user can not use one of her last X passwords
- Prevent use of personal information in the passwords, for example name, username, email etc.
- Blacklist words, for example the company name, common passwords "qwerty123", etc.
The password policy also controls how many times a user may attempt logins and fail before the account is locked, either permanently or with a cooldown period.