Salesforce Security Guide
jNewer Version Available
Passwords
Salesforce provides each user in your organization with a unique username and
password that must be entered each time a user logs in. As an administrator, you can configure several settings to ensure that your
users’ passwords are strong and secure.
| Available in: both Salesforce Classic and Lightning Experience |
| Password policies available in: All Editions |
| User Permissions Needed | |
|---|---|
| To set password policies: | Manage Password Policies |
| To reset user passwords and unlock users: | Reset User Passwords and Unlock Users |
- Password policies—Set various password and login policies, such as specifying an amount of time before all users’ passwords expire and the level of complexity required for passwords. See Set Password Policies.
- User password expiration—Expire the passwords for all users in your organization, except for users with “Password Never Expires” permission. See Expire Passwords for All Users.
- User password resets—Reset the password for specified users. See Reset Passwords for Your Users.
- Login attempts and lockout periods—If a user is locked out of Salesforce because of too many failed login attempts, you can unlock them. See Edit Users.
Password Requirements
A password can’t contain a user’s username and can’t match a user’s first or last name. Passwords also can’t be too simple. For example, a user can’t change their password to password.
For all editions, a new organization has the following default password requirements. You can change these password policies
in all editions, except for Personal Edition.
- A password must contain at least eight characters, including one alphabetic character and one number.
- The security question’s answer can’t contain the user’s password.
- When users change their password, they can’t reuse their last three passwords.