System-Defined Password Requirements

The following password requirements are always enforced by the system and cannot be changed by an administrator:

• A prior password cannot be reused.

• There must be a significant difference between a new password and the last password. (For example, a user cannot change a password from MyWord!123 to MyWord!145.)

• Easy-to-guess passwords, such as common names, words, and strings like abcd123456 are prohibited.

• Non-ASCII characters are considered illegal characters and are prohibited.

• The minimum password length must be at least the minimum required by the selected password policy.

• Passwords must contain the appropriate variety of character types specified by the selected password policy:

  Character types are:

  • Uppercase alphabet (A, B, ... Z)

  • Lowercase alphabet (a, b, ... z)

  • Number (1, 2, 3, 4, 5, 6, 7, 8, 9, 0)

  • Non-alphanumeric ASCII characters, for example ` ~ ! @ # $ % ^ & * ) ; ' [ ] "{ }.

Immediate Feedback on Password Changes

When entering a new password, users receive immediate feedback on compliance with password requirements. An Administrator receives the same feedback when entering a user password on the Access tab of an employee, partner, vendor, or customer record.

For more information about how users can change their passwords, see Change Password Link.

Note:

The Password Criteria table are shown on any page where a user changes a password. It ensures that the user can tell whether the proposed password meets the security rules enforced by the system.

Related Topics

• NetSuite Password Requirements
• Password Settings That Can Be Modified

General Notices