You can enforce password rules for your Rocket.Chat workspace users so that they create unique and strong passwords. This is one of the easiest and quickest ways to protect user accounts and identities. This document shows how you can define password rules. Make sure that you can access your workspace with the administrator role or permissions.
Set password policy
Define password rules that your users must follow. For example, strong passwords must be at least 12 or 14 characters long and consist of a combination of uppercase and lowercase letters, numbers, and symbols.
To access these settings, go to Administration > Workspace > Settings > Accounts > Password Policy tab.
Field | Description |
|---|---|
Enable Password Policy | Enable this option so that new user passwords must follow the corresponding configured policies. |
Minimum Length | Set the minimum length of passwords that users must create. Enter |
Maximum Length | Set the maximum length of passwords that users must create. Enter |
Forbid Repeating Characters | Enable this option so that passwords do not contain the same character repeating next to each other. |
Max Repeating Characters | Set the number of times a character can be repeated. |
At Least One Lowercase | Enforce that a password contains at least one lowercase character. |
At Least One Uppercase | Enforce that a password contains at least one uppercase character. |
At Least One Number | Enforce that a password contains at least one numerical character. |
At Least One Symbol | Enforce that a password contains at least one special character. |
Set password history
You can also prevent users from repeating recently used passwords. To access these settings, go to Administration > Workspace > Settings > Accounts > Password History tab.
Field | Description |
|---|---|
Enable Password History | When this option is enabled, users cannot set their passwords to some of their most recently used passwords. |
Password History Length | Set the number of most recently used passwords to prevent users from reusing them. |
You can view your workspace’s password policy using the REST API endpoint: Get Password Policy