# Password Policy

## Super Admin

New role as a 'Super Admin' who have highest access level on every platform

<figure><img src="/files/v27DttXpqVLQK3fYXqi2" alt=""><figcaption></figcaption></figure>

## Password Complexity Policy

<div align="center" data-full-width="true"><figure><img src="/files/5hbPRcS0bEKZcGUQmjUJ" alt="" width="375"><figcaption><p>Normal user</p></figcaption></figure></div>

<div align="center"><figure><img src="/files/QPAM7d5hbfNrlzfYoVBv" alt="" width="375"><figcaption><p>Super admin</p></figcaption></figure></div>

<table><thead><tr><th width="181">User Type</th><th width="147">Minimum char</th><th width="147">Maximum char</th><th>Special requirement</th></tr></thead><tbody><tr><td><p><strong>Normal User</strong></p><p></p><p>*Policy enforced for all users</p></td><td>8</td><td>-</td><td><ul><li>a combination of alphanumeric characters</li><li>uppercase and lowercase letters</li><li>special characters</li></ul></td></tr><tr><td><strong>Super Admin</strong><br><br>*Configurable by network</td><td>8</td><td>99</td><td><ul><li>a combination of alphanumeric characters</li><li>uppercase and lowercase letters</li><li>special characters</li></ul></td></tr></tbody></table>

## Password Change Frequency&#x20;

Users should be permitted to change their passwords no more than once per 24 hours, with the configuration of this policy differing for each network.

<figure><img src="/files/runaZYkg2C6Fzbi3yrvy" alt="" width="375"><figcaption></figcaption></figure>

<table><thead><tr><th>Policy</th><th width="129">Minimum</th><th width="138">Maximum</th><th data-type="checkbox">Configurable</th></tr></thead><tbody><tr><td><strong>Password Change Frequency</strong></td><td>1</td><td>12</td><td>true</td></tr></tbody></table>

## Account Lockout Policy

After the configured number of consecutive failed login attempts within 5 minutes, the account should be locked for the configured amount of time. By default, 5 times will lock for 1 hour.

<figure><img src="/files/jYoGJK0iwi60GbaynGLO" alt="" width="375"><figcaption></figcaption></figure>

<table><thead><tr><th>Policy</th><th width="129">Minimum</th><th width="138">Maximum</th><th data-type="checkbox">Configurable</th></tr></thead><tbody><tr><td><strong>Number of fail attempts</strong></td><td>1</td><td>12</td><td>true</td></tr><tr><td><strong>Range of time to locked account</strong></td><td>5</td><td>180</td><td>true</td></tr></tbody></table>

## Duplicate Password Prevention

Users should not be able to set passwords that match any of their last previously passwords. the previous password range is network-configurable, with a default of last 5 passwords.

<figure><img src="/files/c4THAN539qHEjTZkJIUn" alt="" width="375"><figcaption></figcaption></figure>

<table><thead><tr><th>Policy</th><th width="129">Minimum</th><th width="138">Maximum</th><th data-type="checkbox">Configurable</th></tr></thead><tbody><tr><td><strong>Retention limit</strong></td><td>1</td><td>12</td><td>true</td></tr></tbody></table>

## Force Change Password

Super Admin and also Normal User (Agent) should be prompted to change their password every X days.

<figure><img src="/files/0W0EmsToRdGOFGicpyBt" alt="" width="371"><figcaption></figcaption></figure>

<table><thead><tr><th width="183">User Type</th><th width="163">Minimum (day)</th><th width="160">Maximum (day)</th><th data-type="checkbox">Configurable</th></tr></thead><tbody><tr><td><strong>Normal User</strong></td><td>30</td><td>1095</td><td>true</td></tr><tr><td><strong>Super Admin</strong></td><td>30</td><td>1095</td><td>true</td></tr></tbody></table>

## Auto-Disable User

Our Auto-Disabled User Policy feature is designed to enhance the security of your account by automatically monitoring user activity and disabling inactive accounts. This policy checks for users who have not logged out for a specified period of time, ensuring that only active users have access to the system.

<table><thead><tr><th width="183">Policy</th><th width="165">Minimum (days)</th><th width="176">Maximum (days)</th><th data-type="checkbox">Configurable</th></tr></thead><tbody><tr><td><strong>Inactive user</strong></td><td>30</td><td>365</td><td>true</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.amitysolutions.com/amity-solutions/amity-bots-platform/users/password-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.