Set up 8x8 Password Policy

8x8 Password Policy defines a mechanism for securing user accounts. The policy offers a set of password rules for enhanced security. The rules, set by administrators, encourage users (administrators, end-users, agents, and supervisors) to employ strong passwords, and ensure proper usage and account protection.

Note: The 8x8 Password Policy applies to authentication via 8x8 login credentials only. It does not apply to Single Sign-on integration with identity providers such as Okta or Microsoft Azure AD.


  • Timed password expiration forcing a periodic password change.
  • Password history to remember a specified number of previously used passwords, which prevents re-use.
  • Minimum password length of 8-25 characters.
  • Password complexity requirements, such as a mix of alphanumeric characters or a mix of upper and lowercase alpha with numeric characters. Special characters can be optional.
  • Invalid login attempts locking users out temporarily.
  • Account lockout for a specific time or until reset by the administrator in case of invalid login attempts.
  • Password reset for any user at any time. An administrator can initiate the password reset, which sends an email to users.

Set up password policies

To access and set up 8x8 Password Policy:

  1. Log in to the 8x8 Admin Console.
  2. From the menu, select Identity Management.
  3. Under Password Policy, enable and select a suitable value for the following options:

    Note: By default, all options are disabled except the password complexity and minimum password length.

    Password complexity requirement
      General description: Defines if a password must be set with a certain complexity.
      Policy options:
        • Must mix upper and lower case alpha and numeric
        • May contain symbols (optional)

    Minimum length
      General description: Defines a minimum length for a password. Restricts agents from choosing a password shorter than the specified length.
      Note: By default, the minimum length is 8 characters.
      Policy options: Minimum of 8-25 characters

    Password expires (in increments of 30 days)
      If disabled, passwords do not expire.
      General description: Defines how long a password is alive. After the specified duration, the password expires and needs to be changed.
      Policy options:
        • 30 days
        • 60 days
        • 90 days
        • 180 days
        • 360 days

    Enforce Password History
      If disabled, no passwords are remembered.
      General description: Defines the number of previous passwords (or no passwords) to be remembered by the system. It prevents users from using the previous passwords when creating a new one.
      Policy options: 1-10 passwords remembered

    Invalid login attempts
      If disabled, invalid login attempts will not lock you out.
      General description: Defines the maximum invalid login attempts before the system locks users out.
      Policy options: 1-10 attempts

    Lockout duration
      If disabled, the user remains locked out until the password is reset.
      General description: Defines the lockout duration before a user is allowed to try to log in again.
      Note: You must set a lockout duration if you have set invalid login attempts, failing which users will be locked out indefinitely.
      Policy options: 1-60 minutes
  4. Save the settings.
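
The interaction between Invalid login attempts and Lockout duration described in step 3 can be checked before saving. The following Python model is an added example, not 8x8 code or an 8x8 API: the names LockoutPolicy, Account and locked_after are hypothetical, and it assumes the account locks when the failure count reaches the configured maximum and that the counter clears when a timed lockout ends.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class LockoutPolicy:
    max_attempts: Optional[int]      # "Invalid login attempts": 1-10, None = disabled
    lockout_minutes: Optional[int]   # "Lockout duration": 1-60, None = disabled

    def __post_init__(self):
        if self.max_attempts is not None and not 1 <= self.max_attempts <= 10:
            raise ValueError("invalid login attempts must be 1-10")
        if self.lockout_minutes is not None and not 1 <= self.lockout_minutes <= 60:
            raise ValueError("lockout duration must be 1-60 minutes")

    def locks_indefinitely(self) -> bool:
        return self.max_attempts is not None and self.lockout_minutes is None

class Account:
    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.failures, self.locked_at = 0, None

    def is_locked(self, now: datetime) -> bool:
        if self.locked_at is None:
            return False
        if self.policy.lockout_minutes is None:
            return True   # no duration set: locked until reset_password()
        if now - self.locked_at >= timedelta(minutes=self.policy.lockout_minutes):
            self.failures, self.locked_at = 0, None   # timed lockout elapsed (assumption)
            return False
        return True

    def failed_login(self, now: datetime) -> None:
        if self.policy.max_attempts is None or self.is_locked(now):
            return
        self.failures += 1
        if self.failures >= self.policy.max_attempts:   # assumption: lock on the Nth failure
            self.locked_at = now

    def reset_password(self) -> None:
        self.failures, self.locked_at = 0, None

def locked_after(policy: LockoutPolicy, failures: int, minutes_later: int) -> bool:
    # Constructed scenario: `failures` bad logins at t0, state checked at t0 + minutes_later.
    t0 = datetime(2024, 1, 1, 9, 0)   # constructed timestamp
    acct = Account(policy)
    for _ in range(failures):
        acct.failed_login(t0)
    return acct.is_locked(t0 + timedelta(minutes=minutes_later))
```

A policy for which locks_indefinitely() returns True is the case the note in step 3 describes: every lockout then needs a password reset before the user can log in again.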