Password policies
The password policy for an organization is an essential component to enforce users to follow the best practices to set passwords.
The navigation path to set the password policy for the admin is Setup | Security Controls | Password Policies.
The settings that can be configured in relation to the password policy are as follows:
The expiry date of the password (default is 90 days). Keep this optimal so that users are enforced to change the password frequently to avoid hacking.
Enforcing password history. This is important to prevent users from repeating the same password every time.
The minimum length of the password and its complexity.
The number of invalid attempts that the system can allow before locking the user.
The effective locking period and also a checkbox to obscure the secret answer to reset the password.
The following screenshot shows the Password Policies settings page for an administrator; one can configure the previously mentioned parameters here: