By default, Gladly doesn’t automatically expire a user’s password or compel them to change it after a set number of days. But we understand that for some, this might be a required condition to comply with regulatory requirements or your internal security policies.
Set Your Password Expiration Policy
Gladly can help you configure a 90-day password expiration policy for your users. Should you need a more custom policy than this, we highly recommend investing in an SSO solution.
Manually Reset User Passwords
In the event of a security incident, it is prudent for a company to initiate a company-wide password reset for all its users; this helps prevent a malicious user from logging into and misusing Gladly.
Users can request to reset their passwords by clicking on the “Forgot Password” link on the Gladly login page.
Password Restrictions
Gladly imposes a few restrictions on the composition and structure of passwords to ensure the passwords you and your fellow users adopt are as secure as can be.
To be accepted, a password must:
- Have at least one lowercase character
- Have at least one uppercase character
- Have at least one number
- Have at least one special character
- Be at least 8 characters long
- Be different from your last 4 passwords
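The rules above can be pre-checked before a password is submitted, for example when issuing temporary credentials. The following is an added example, not Gladly's code: the function names, the definition of "special character" as ASCII punctuation, and the storage of password history as salted PBKDF2 hashes are all assumptions.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8        # "Be at least 8 characters long"
HISTORY_DEPTH = 4     # "Be different from your last 4 passwords"
ITERATIONS = 600_000  # PBKDF2 work factor (assumed, not from the page)
SPECIALS = set(string.punctuation)  # assumed definition of "special character"

def hash_password(password, salt=None):
    """Return (salt, digest) so history can be kept without plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def reused(password, history):
    """True if password matches one of the HISTORY_DEPTH most recent entries."""
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):  # constant-time comparison
            return True
    return False

def unmet_rules(password, history=()):
    """Return the rules listed above that the password fails (empty = accepted)."""
    checks = [
        ("at least one lowercase character", any(c.islower() for c in password)),
        ("at least one uppercase character", any(c.isupper() for c in password)),
        ("at least one number", any(c.isdigit() for c in password)),
        ("at least one special character", any(c in SPECIALS for c in password)),
        ("at least 8 characters long", len(password) >= MIN_LENGTH),
        ("different from your last 4 passwords", not reused(password, history)),
    ]
    return [rule for rule, ok in checks if not ok]

if __name__ == "__main__":
    # Constructed history: five earlier passwords, oldest first.
    history = [hash_password(f"Old-Passw0rd{i}") for i in range(1, 6)]
    for candidate in ["password", "Myfavorite5ong!", "Old-Passw0rd5", "Old-Passw0rd1"]:
        print(candidate, "->", unmet_rules(candidate, history) or "accepted")
```

The oldest of the five constructed passwords is accepted again because only the four most recent entries are compared.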
Guidance on password policies
Consider having a passphrase instead of a password
A passphrase is a password comprising a sequence of words with numbers and/or symbols (e.g., Myfavorite5ong!). A passphrase has the benefit of being easier to remember yet complex enough that it isn’t easily guessed.
Change your password periodically
As a general rule, we recommend changing your password every 90 days. You may even want to implement different policies based on the user level – for example, an Administrator or Team Manager should change their password more often than an Agent or Agent Plus since they have more privileges within Gladly.
Have regular training and publicize procedures around safe password management
Proper training is key to a safe and secure Gladly. Hold regular training sessions for users to inform and reinforce safe password management practices, like never writing down a password, not using automatic login functionalities, and never giving or asking for another user’s password.
Companies should also never ask a user for their password, and should make it clear to users that they will never ask them, or Gladly, to provide their usernames or passwords for any purpose.
Have a contact person or team that users can report suspicious behavior to
If users receive any suspicious requests or notice any unusual activity, they should be able to report those incidents to a specific person or team within the company.