Login Security
Where to find it: Manage → Users
A couple of safeguards protect accounts that sign in with a password: a limit on failed login attempts, and a set of password requirements. Both apply only to standard password accounts, so they don’t affect users who sign in with Google or Microsoft.
Account Blocking
To guard against repeated guessing, an account is temporarily blocked after four failed sign-in attempts in a row. The person sees a message explaining the account has been blocked due to too many failed attempts.
Resetting the password clears the block and lets the person sign in again.
Tip If a user reports being locked out, a password reset is the way back in: it both clears the block and sets a new password.
Password Requirements
Passwords for standard accounts must meet these requirements:
• At least 12 characters long
• At least 2 uppercase letters
• At least 2 lowercase letters
• At least 2 numbers
• At least 2 symbols
Tip A short phrase with a mix of capitals, numbers, and symbols is usually both easy to remember and comfortably within these requirements.