Administrator > Configure your company > Set the password policy

Set the password policy

You can set the password requirements for a company using the Password Policy page. The settings on this page determine the rules each user in a company must follow when creating a login password. The password policy for each Company must be set independently.

To set the password policy:
  1. Click the Admin tab.
  2. On the Administration menu, click Password Policy.
    1. xMatters displays the current web login password policy settings:
  1. Enter the following information into the form:



Unique History

Specifies how many passwords xMatters stores for each user. Users cannot reuse a password until they have consecutively created as many unique new passwords as indicated in the field.

Minimum Length

Minimum number of characters required for each password. (Passwords in xMatters cannot exceed 30 characters.)

Required Complexity

Specifies how complex users’ passwords must be; select one of the following options:

  • None: no specific complexity is required.
  • Non-Alpha: passwords must have at least one non-alphabetic character, such as a numeric digit (0-9) or a special character (e.g., !, $, #, %, @).
  • Strong: passwords must be at least six characters long, cannot use 3 consecutive characters of the web login, and must include characters from the following four categories:
    • English upper-case letters (A-Z)
    • English lower-case letters (a-z)
    • Numbers (0-9)
    • Special characters (e.g., !, $, #, %, @)

Maximum Age

How long (in days) each password will remain valid before the User must create a new password. If a user's password has expired, they will be prompted to create a new one the next time they log into the web user interface.

Minimum Age

How long (in days) a user is required to use their password before they can change it again.

Lockout Threshold

Specifies the maximum number of consecutive invalid logins a user can attempt before their account is 'locked out', preventing them from accessing the xMatters web user interface. To disable this feature and grant Users an unlimited number of invalid login attempts, enter zero (0). The maximum value for this field is 50.

xMatters administrators can manually unlock User accounts by navigating to the Change Web Login page for the User and clicking Unlock.

Lockout Duration

Specifies how long (in minutes) a user is prevented from accessing xMatters after they exceed the number of invalid login attempts specified by the Lockout Threshold.

Lockout Reset Period

Specifies how many minutes must elapse after a User attempts an invalid login before the failed login attempt count is reset to zero. This value must be equal to or less than the Lockout Duration.

  1. Click Save to apply your changes.

The password policy settings apply to user web logins only; they are not enforced for web services users, or users added via the Data Synchronization and Import Data features. Super Administrators cannot be locked out. Additionally, you can force the expiry of a user's password; for details, see Control a user's access.