Password policy set-up

As Adminstrator you can manage the password settings for the users within your FleetGO account, so these are (more) in line with your company’s policy.

Via the option Account settings in the top right drop-down menu you can reach the Customise customer settings page.

Settings

On tab Password Policy you will find the various settings you can make mandatory for your users.

• Minimum length: minimal number of characters in total
• Minimum uppercase: minimal number of characters in uppercase
• Minimum lowercase: minimal number of characters in lowercase
• Minimum digits: minimal number of digits (numbers)
• Minimum special chars: minimal number of special characters
• Unique passwords history: the number of changed passwords before an user can reuse an old one
• Days valid: the period in days before an user is prompted to change password
• Maximum of failed logins: after this event the user account will be blocked
• Block inactive after days: if user has been inactive on the FleetGO platform for this period the user account will be blocked

Did you save changes to these Password settings? Then your users, when they log in, will be prompted to change their password when it does not comply with the new rules.

Minimum lenght

In The Netherlands FleetGO platform has the SKRRS quality mark. This SKRR quality mark requires from FleetGO that users of the platform use a password of minimal length of 12 characters.
Also this minimal length is becoming more-and-more the best practise (see below).

When you try to change the password settings a minimum length of 12 characters will become mandatory.
Other settings are not made mandatory when you change the password policy.

It is considered best practice to use a mixture of these settings.

Best practices for password policies

Length
The shorter the password, the easier it is to crack. The minimum acceptable length for a strong password is at least eight characters according the ISO standard. Currently this practice is under change and a minimum of 12 characters is becoming favorite: also referred to users as to ‘use a password sentence’.

Complexity requirements
Creating a lengthy password is only effective when it is difficult to decode.
An user that incorporates standard words (like ‘welcome’ or ‘admin’) and easy to guess content as: city name, own name or name of child or pet, creates weakness. Ask them to use less obvious contents.

The key to a complex password is requiring your users to use a mix of characters: lower case, upper case, digits (numbers) and special characters. Often the usage of at least 1 of each type is set as required.

Periodic update
No matter how complex and hard to crack a password may be, it is not impossible when someone is using hacking tools. It is adviced to require an update every 90 or 180 days.

Recommendation
To enhance security it is adviced to also consider the usage of Multifactor authentication or to implement Single sign-on (with Microsoft account) for the log-in flow of your account on the FleetGO platform.