Set up 8x8 Authentication

8x8 Password Policy 8x8 Authentication defines a mechanism for securing user accounts. Administrators can define a set of password rules for enhanced security. The rules, set by administrators, encourage users (administrators, end-users, agents, and supervisors) to employ strong passwords, and ensure proper usage and account protection.

Note: The 8x8 Authentication applies to authentication via 8x8 login credentials only. They do not apply to Single Sign-on integration with Identity providers such as Okta or Microsoft Azure AD.


  • Timed password expiration forcing a periodic password change.
  • Password history to remember a specified number of previously used passwords which prevents re-use.
  • Minimum password length of 8-25 characters.
  • Password complexity requirements, such as a mix of alphanumeric characters or a mix of upper and lowercase alpha with numeric characters. Special characters can be optional.
  • Invalid login attempts locking users out temporarily.
  • Account lockout for a specific time or until reset by the administrator in case of invalid login attempts.
  • Configure Multi-Factor Authentication challenge frequency for all users. As an admin, you can set up to check MFA on a user device every selectable x days, up to 90 days.

Set up 8x8 Authentication

To access and set up 8x8 Authentication:

  1. Log into the 8x8 Admin Console.
  2. From the menu select Identity and Security.
  3. Under 8x8 Authentication , enable and select a suitable value for the following options:

    Note: By default, all options are disabled except the password complexity and minimum password length.

    Password Policies General Description Policy Options
    Password complexity requirement Defines if a password must be set with a certain complexity. Must mix upper and lower case alpha and numeric May contain symbols (optional)
    • Must mix upper and lower case alpha and numeric
    • May contain symbols (optional)
    Minimum length

    Defines a minimum length for a password. Restricts agents from choosing a password less than the specified length.

    Note: By default, the minimum length is 8 characters long. Minimum of 8-25 characters

    Minimum of 8-25 characters
    Password expires (In increments of 30 days) If disabled, passwords do not expire. Defines how long a password is alive. After the specified duration, the password expires and needs to be changed.
    • 30 days
    • 60 days
    • 90 days
    • 180 days
    • 360 days

    Enforce Password History

    If disabled, no passwords are remembered

    Defines the number of previous passwords (or no passwords) to be remembered by the system. It prevents users from using the previous passwords when creating a new one. 1-10 passwords remembered

    Invalid login attempts

    If disabled, invalid login attempts will not lock you out.

    Defines the maximum invalid login attempts before the system locks users out. 1-10 characters 1-10 attempts

    Lockout duration indefinitely.

    If disabled, the user remains locked out until the password is reset.

    Defines the lockout duration before a user is allowed to try to login again.

    Note: You must set a lockout duration if you have set invalid login attempts failing which users will be locked out

    1-60 minutes
    Configure the Multi-Factor Authentication (MFA) challenge frequency for all users

    Configure the recheck MFA on a user device every selectable x days.

    • Minimum value - Always (check MFA at every login).
    • Maximum value - 90 days (default value).
  4. Save the settings.