For NetSuite users who log in with a non-customer center role, password validation combines the following:
Account settings that can be modified by administrators. See Password Settings That Can Be Modified.
System requirements that cannot be modified. See System-Defined Password Requirements.
PCI DSS requirements that apply to users with either the View Unencrypted Credit Cards permission or the View Unencrypted ACH Account Numbers permission. See PCI Compliance Password Requirements.
Users are locked out for 30 minutes after five consecutive attempts to log in to NetSuite with an incorrect password. For more information, see User Access Reset Tool.