System-Defined Password Requirements

The following password requirements are always enforced by the system and cannot be changed by an administrator:

• A prior password cannot be reused.

• There must be a significant difference between a new password and the last password. (For example, a user cannot change a password from MyWord!123 to MyWord!145.)

• Easy-to-guess passwords, such as common names, words, and strings like abcd123456 are prohibited.

• Non-ASCII characters are considered illegal characters and are prohibited.

• The minimum password length must be at least the minimum required by the selected password policy.

• Passwords must contain the appropriate variety of character types specified by the selected password policy:

  Character types are:

  • Uppercase alphabet (A, B, ... Z)

  • Lowercase alphabet (a, b, ... z)

  • Number (1, 2, 3, 4, 5, 6, 7, 8, 9, 0)

  • Non-alphanumeric ASCII characters, for example ` ~ ! @ # $ % ^ & * ) ; ' [ ] "{ }.

Immediate Feedback on Password Changes

When entering a new password, users receive immediate feedback on compliance with password requirements. An Administrator receives the same feedback when entering a user password on the Access tab of an employee, partner, vendor, or customer record.

For more information about how users can change their passwords, see Change Password Link.

Note:

The Password Criteria table are shown on any page where a user changes a password. It ensures that the user can tell whether the proposed password meets the security rules enforced by the system.

Related Topics

NetSuite Password Requirements

Password Settings That Can Be Modified

General Notices