You can set up different levels of password security using Freshdesk for your agents and customers. By default, any password must contain a minimum of 8 characters and must not contain the username. 

You can also opt for advanced settings and set up custom password policy like the password expiration time or the minimum password length. The more sensitive the data your agents/customers have access to, the more stringent your password rules must be. Please note that you will not be able to set up password policies if your SSO is enabled.

Quick guide to setting up your password policy:

  • Login to your helpdesk as an administrator
  • Go to Admin > Security
  • Under the Password Policy section, you can choose the "default" or the "advanced" option for agents and customers. 
  • If you choose the advanced policy, among other options, you will be able to 
    • choose the minimum number of characters required for the password, 
    • decide when the passwords should expire, 
    • control the repetition of passwords, using the corresponding drop downs.
  • You can also choose to have alphanumeric characters, mixed cases and special characters in the passwords.
  • Once you make the changes, hit save.

What happens after the changes are made:

  • Any change you make in the password section will take 4-8 hours to be implemented.
  • If the changes are made to the agent password policy, 
    • the agents who are logged in will be prompted to change their passwords for at least an hour after which they will be logged out. They can login again after setting up a new password that complies with the policy changes.
    • the agents who are not logged in will be made to change their passwords the next time they try to log in.

  • If the changes are made to the contact password policy, customers will be made to change the password the next time they try to log into your helpdesk. If the implementation of the password happens when they have logged in, they will be logged out.

For existing users:
If you are an existing user (account created before 17 October 2015), you will have an additional "None" option under Admin > Security > Password Policy for the time being. Please be advised that it's better to set up a password policy as soon as possible because if you haven't changed the policy for a month, you will be automatically migrated to the default policy.

Once you set up a default or advanced policy, you will not be able to go back to the "None" option.