14th November 2019

Password policy – important updates

As part of our continued efforts to improve user security and experience, we are rolling out improvements to password expiry settings globally. The new Default password policy setting will be ‘never expire’. The previous default for expiry was 180 days.

Although the default setting is changing Clients who have previously set their own password expiry period will not be migrated to the new default. New implementations will use the default setting. However, Travel Managers can elect to adjust their password expiry values at any time to apply their corporate standard or program preferences. Adjustments to the setting are done online in the Company Profile Settings page.

Note: The default setting is different from the recommended password policy which is stricter than the default policy. The recommended policy is shown on the password policy page.

Good to know:

  1. Minimum number of characters: Default – 7, Recommended – 8
  2. Special Characters: Default – optional, Recommended minimum – 1
  3. Numeric Characters: Default minimum – 1, Recommended minimum – 1
  4. Upper case: Default: minimum 1, Recommended- minimum 1
  5. Password expiry: Default – never expires, Recommended – 90 days
  6. Maximum number of valid attempts: Default – 6, Recommended – 6
  7. Password history: Default – Last 3 passwords can’t be reused, Recommended – 4