Set Password Policy and History

You can enforce password rules in your Rocket.Chat workspace to ensure users create strong and unique passwords. This is one of the quickest ways to protect accounts and identities.

You must have administrator permissions to configure password policies.

Configure password policy

To configure password policies, go to Administration > Workspace > Settings > Accounts > Password Policy. When enabled, all new passwords must comply with the configured rules. Existing passwords are not affected.

You can then configure the following options:

| Setting | Description |
| --- | --- |
| Enable Password Policy | Require new passwords to follow the configured rules. |
| Minimum Length | Minimum number of characters required. Set to -1 to disable. (Default: 8) |
| Maximum Length | Maximum number of characters allowed. Set to -1 to disable. |
| Forbid Repeating Characters | Prevents users from using the same character repeatedly in sequence. |
| Max Repeating Characters | Number of times a character can repeat before it’s disallowed. (Default: 4) |
| At Least One Lowercase | Requires at least one lowercase letter. |
| At Least One Uppercase | Requires at least one uppercase letter. |
| At Least One Number | Requires at least one numerical digit. |
| At Least One Symbol | Requires at least one special character (for example: ! @ # $ %). |

Example

A strong password policy might require:

  • A minimum length of 12 characters

  • At least one uppercase letter, one lowercase letter, one number, and one symbol

  • No more than three repeating characters in sequence

This ensures users create strong, hard-to-guess passwords.
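To see which candidate passwords the example policy above would accept before you roll it out, the following added example models the settings as a local check; it is not Rocket.Chat's own code and does not call the workspace. The field names are hypothetical, and two behaviours are assumptions: a run of identical characters is rejected only when it is longer than Max Repeating Characters, and a symbol is any character that is not an ASCII letter, digit, or whitespace.

```javascript
// Added example: local model of the settings described on this page.
// Field names are hypothetical, not Rocket.Chat's setting IDs.
const examplePolicy = {
  enabled: true,
  minLength: 12,          // -1 disables the check
  maxLength: -1,          // -1 disables the check
  forbidRepeating: true,
  maxRepeating: 3,        // assumption: runs longer than this are rejected
  lowercase: true,
  uppercase: true,
  number: true,
  symbol: true,
};

// Returns the list of rules a candidate password violates (empty = compliant).
function checkPassword(password, policy) {
  const failures = [];
  if (!policy.enabled) return failures;
  const chars = Array.from(password); // count code points, not UTF-16 units
  if (policy.minLength >= 0 && chars.length < policy.minLength) failures.push('minLength');
  if (policy.maxLength >= 0 && chars.length > policy.maxLength) failures.push('maxLength');
  if (policy.forbidRepeating) {
    let run = 1;
    for (let i = 1; i < chars.length; i++) {
      run = chars[i] === chars[i - 1] ? run + 1 : 1;
      if (run > policy.maxRepeating) { failures.push('maxRepeating'); break; }
    }
  }
  if (policy.lowercase && !/[a-z]/.test(password)) failures.push('lowercase');
  if (policy.uppercase && !/[A-Z]/.test(password)) failures.push('uppercase');
  if (policy.number && !/[0-9]/.test(password)) failures.push('number');
  // Assumption: a "symbol" is anything that is not an ASCII letter, digit or whitespace.
  if (policy.symbol && !/[^A-Za-z0-9\s]/.test(password)) failures.push('symbol');
  return failures;
}

// Constructed sample passwords, for illustration only.
const samples = ['Tr4il-mix&Lanterns', 'Password1!', 'Aaaa-bbbb-1234-xyz', 'correcthorsebatterystaple'];
for (const pw of samples) {
  const failed = checkPassword(pw, examplePolicy);
  console.log(pw.padEnd(28), failed.length ? `rejected: ${failed.join(', ')}` : 'accepted');
}
```

The third sample shows that the repeat check is case-sensitive in this model: "Aaaa" passes, while "bbbb" exceeds the limit of three.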

Set password history

You can prevent users from reusing their recently used passwords. To configure these settings, go to Administration > Workspace > Settings > Accounts > Password History.

| Setting | Description |
| --- | --- |
| Enable Password History | When enabled, users cannot update their password to one of their most recently used passwords. |
| Password History Length | Defines how many of the most recently used passwords are blocked from reuse. |

You can also view your workspace’s password policy using the REST API: Get Password Policy