Purpose:
Enhance security by implementing a regular password rotation procedure.
Frequency of Rotation:
Users must change their passwords at least every 90 days by default.
Organizations may specify intervals such as every 30, 60, 90, 180, or 270 days.
Password History:
Users cannot reuse their last five passwords.
New passwords cannot be identical to the previous one.
Limit on Password Changes:
A maximum of five password change attempts is allowed in a single day (24 hours).
Notifications and Reminders:
Users receive in-app or pop-up notifications starting 7 days before password expiration.
Notifications continue until the day of expiry.
Notification Prompt:
Users receive a notification alerting them to their password expiration.
Upon clicking the notification, users are directed to the app.
A pop-up message cautions users about potential loss of unsynchronized/pending tasks and offers the option to proceed with the password change or cancel.
Password Change Process:
If users proceed with password change, they are automatically logged out.
Upon attempting to log back in, users are prompted to change their password as a security measure.
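
The rotation, history, change-limit and reminder rules above can be enforced together as in the following added example, which is not the product's own code. All function names are hypothetical, and the sketch assumes history is kept as salted PBKDF2 hashes, the listed intervals are the only ones allowed, the 24 hours are a rolling window, and rejected attempts count toward the daily limit.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

ALLOWED_INTERVALS = {30, 60, 90, 180, 270}  # days; assumed to be the full set
HISTORY_DEPTH = 5        # last five passwords cannot be reused
MAX_CHANGES_PER_DAY = 5  # change attempts per 24 hours
REMINDER_DAYS = 7        # reminders start 7 days before expiry

def hash_password(password, salt=None):
    """Return (salt, digest); history stores these, never plaintext."""
    salt = salt or os.urandom(16)
    # Iteration count kept modest for the sample; tune for production.
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def in_history(password, history):
    """True if password matches any of the last HISTORY_DEPTH entries."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        # Re-hash with each stored salt and compare in constant time.
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False

def password_status(last_changed, now, interval_days=90):
    """Return 'ok', 'remind' (within 7 days of expiry) or 'expired'."""
    if interval_days not in ALLOWED_INTERVALS:
        raise ValueError("unsupported rotation interval")
    expiry = last_changed + timedelta(days=interval_days)
    if now >= expiry:
        return "expired"
    return "remind" if now >= expiry - timedelta(days=REMINDER_DAYS) else "ok"

def try_change(new_password, history, attempts, now):
    """Apply the daily limit, then the history rule; return (accepted, reason).
    `attempts` is a list of datetimes of earlier attempts and is updated."""
    recent = [t for t in attempts if now - t < timedelta(hours=24)]
    if len(recent) >= MAX_CHANGES_PER_DAY:
        return False, "daily limit reached"
    attempts.append(now)  # assumption: rejected attempts count as well
    if in_history(new_password, history):
        return False, "password was used recently"
    history.append(hash_password(new_password))
    return True, "changed"
```

Because the previous password is always among the last five, the history check also covers the rule that a new password cannot be identical to the previous one.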