Password Policies in Salesforce: Complete Guide for Administrators
Why Password Policies Are Important
Password policies form the first line of defense in protecting your Salesforce organization from unauthorized access. As a Salesforce Administrator, understanding password policies is crucial because:
• They protect sensitive business data and customer information
• They ensure compliance with industry regulations (HIPAA, SOX, GDPR)
• They reduce the risk of security breaches and data theft
• They establish consistent security standards across the organization
What Are Password Policies?
Password policies in Salesforce are configurable security settings that define rules for user password creation, complexity, and expiration. These policies determine how users create and manage their login credentials.
Key Components of Password Policies:
1. Password Complexity Requirements
• Minimum password length (8-128 characters)
• Requirements for uppercase, lowercase, numbers, and special characters
• Restriction on using username in password
2. Password Expiration
• Password expiration period: 30, 60, 90, or 180 days, one year, or never expires
• Users receive notifications before expiration
3. Password History
• Enforce password history to prevent reuse
• Can remember up to 24 previous passwords
4. Lockout Settings
• Maximum invalid login attempts (3, 5, 10, or No Limit)
• Lockout effective period (15, 30, 60 minutes, or Forever)
5. Login Attempt Restrictions
• Obscure the secret answer used for password resets
• Require a minimum 1-day password lifetime
How Password Policies Work
Where to Configure:
Setup → Security → Password Policies
Password policies apply at the organization level and affect all users. When a user attempts to create or change a password, Salesforce validates it against the configured policy. If the password does not meet requirements, the user receives an error message and must create a compliant password.
Enforcement Flow:
1. Administrator configures password policy settings
2. Policy applies to all standard users in the org
3. When users set passwords, the system validates against the policy
4. Expired passwords require users to create new passwords at login
5. Locked accounts must wait for the lockout period or admin intervention
Password Policy Settings in Detail
User Password Expiration Options:
• 30, 60, 90, or 180 days
• One Year
• Never Expires
Password Complexity Options:
• No restriction
• Must mix alpha and numeric characters
• Must mix alpha, numeric, and special characters
• Must mix uppercase, lowercase, and numeric characters
• Must mix uppercase, lowercase, numeric, and special characters
Minimum Password Length:
• Default is 8 characters
• Can be set from 8 to 128 characters
Password Question Requirement:
• Can require security question for password resets
• The answer to the security question cannot contain the password itself
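To make the validation and lockout rules described above concrete, here is an added Python example (my own code, not Salesforce's; Salesforce enforces these checks server-side and its setting names differ) that models the five complexity options, the 8-128 length range, the username restriction, password history, and the invalid-attempt lockout with its effective period. The policy field names, the COMPLEXITY_RULES keys and the sample passwords are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional
# Constructed model of this page's complexity options (key names are mine, not Salesforce values).
COMPLEXITY_RULES = {
    "none": [],
    "alpha_numeric": [r"[A-Za-z]", r"[0-9]"],
    "alpha_numeric_special": [r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]"],
    "upper_lower_numeric": [r"[A-Z]", r"[a-z]", r"[0-9]"],
    "upper_lower_numeric_special": [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"],
}
@dataclass
class PasswordPolicy:
    min_length: int = 8                      # page: default 8, allowed range 8-128
    complexity: str = "alpha_numeric"        # a key of COMPLEXITY_RULES
    history_size: int = 3                    # page: up to 24 previous passwords remembered
    max_invalid_attempts: Optional[int] = 5  # page: 3, 5 or 10; None models "No Limit"
    lockout_minutes: Optional[int] = 15      # page: 15, 30 or 60; None models "Forever"
def validate_password(policy, username, candidate, previous):
    """Return the policy violations for a candidate password; an empty list means compliant."""
    errors = []
    if len(candidate) < policy.min_length:
        errors.append(f"shorter than {policy.min_length} characters")
    for pattern in COMPLEXITY_RULES[policy.complexity]:
        if not re.search(pattern, candidate):
            errors.append(f"missing a character matching {pattern}")
    if username.lower() in candidate.lower():
        errors.append("contains the username")
    # Only the newest history_size entries count; a real system compares salted hashes, not plaintext.
    if candidate in previous[max(0, len(previous) - policy.history_size):]:
        errors.append("reuses a remembered password")
    return errors
@dataclass
class LoginState:
    failures: int = 0
    locked_until: Optional[float] = None     # epoch seconds; float("inf") models "Forever"
def attempt_login(policy, state, credentials_ok, now):
    """Apply the page's lockout rule; returns True only when the login is accepted."""
    if state.locked_until is not None:
        if now < state.locked_until:
            return False                     # still inside the lockout effective period
        state.failures, state.locked_until = 0, None   # period elapsed, counter resets
    if credentials_ok:
        state.failures = 0
        return True
    state.failures += 1
    if policy.max_invalid_attempts and state.failures >= policy.max_invalid_attempts:
        state.locked_until = float("inf") if policy.lockout_minutes is None else now + policy.lockout_minutes * 60
    return False
```

Note that a correct password presented during the lockout effective period is still rejected, which is the behaviour the enforcement flow above describes for locked accounts.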
Exam Tips: Answering Questions on Password Policies
Key Facts to Remember:
1. Location: Password policies are found in Setup → Security → Password Policies
2. Scope: Password policies apply org-wide; you cannot set different policies for different profiles through standard password policy settings
3. Lockout Options: Remember the specific values - lockout after 3, 5, or 10 attempts; lockout duration of 15, 30, 60 minutes, or Forever
4. Expiration Periods: Know that options include 30, 60, 90, 180 days, 1 year, or Never
5. Password History: Maximum of 24 passwords can be remembered
6. Minimum Length: Default is 8 characters; maximum is 128
Common Exam Scenarios:
• Questions about where to configure password settings - always Setup → Security → Password Policies
• Scenarios involving user lockouts - understand the lockout effective period options
• Compliance requirements - know which settings satisfy security requirements
• Questions about password reuse - remember the password history enforcement
Watch Out For:
• Trick questions suggesting profile-level password policies (not available in standard settings)
• Confusion between lockout attempts and lockout duration
• Questions mixing up password policies with session settings
• Options suggesting administrators can view user passwords (they cannot)
Best Practice Reminders:
• Strong passwords typically require 8+ characters with mixed complexity
• Regular password expiration (90 days) is a common security standard
• Always enable password history to prevent password reuse
• Set reasonable lockout policies to balance security and user experience