eloomi

Depending on your internal security protocols you might wish to choose another setting for the password security level your users have to fulfil.

In the platform under <b>Admin &gt; Settings &gt; Company Details &gt; Password Settings</b>, you determine the password strength on a scale of 1-5. 

Each password level has the same character specifications:

It must include at least 1 letter (uppercase or lowercase).

At least 1 special character (!$#%-_*"€()=?^~).

- A minimum of 8 characters.
- It must include at least 1 letter (uppercase or lowercase).
- At least 1 number (0-9).
- At least 1 special character (!$#%-_*"€()=?^~).

The further levels are determined by integers as follows below.

<b>Password Security Levels by integers</b>

Scores in the password security levels (1-5) are integers from 0 to 4: 

0 means the password is extremely guessable (within 10^3 guesses), dictionary words like 'password' or 'mother' score a 0

1 is still very guessable (guesses &lt; 10^6), an extra character on a dictionary word can score a 1

2 is somewhat guessable (guesses &lt; 10^8), provides some protection from unthrottled online attacks

3 is safely unguessable (guesses &lt; 10^10), offers moderate protection from offline slow-hash scenario

4 is very unguessable (guesses &gt;= 10^10) and provides strong protection from offline slow-hash scenario

- 0 means the password is extremely guessable (within 10^3 guesses), dictionary words like 'password' or 'mother' score a 0
- 1 is still very guessable (guesses &lt; 10^6), an extra character on a dictionary word can score a 1
- 2 is somewhat guessable (guesses &lt; 10^8), provides some protection from unthrottled online attacks
- 3 is safely unguessable (guesses &lt; 10^10), offers moderate protection from offline slow-hash scenario
- 4 is very unguessable (guesses &gt;= 10^10) and provides strong protection from offline slow-hash scenario

This article aims to explain and define what the password security setting (1-5) entails.