You can enforce password rules in your Rocket.Chat workspace to ensure users create strong and unique passwords. This is one of the quickest ways to protect accounts and identities.
You must have administrator permissions to configure password policies.
Configure password policy
To configure password policies, go to Administration > Workspace > Settings > Accounts > Password Policy. When the policy is enabled, all new passwords must comply with the configured rules. Existing passwords are not affected.
You can then configure the following options:
Setting | Description |
---|---|
Enable Password Policy | Require new passwords to follow the configured rules. |
Minimum Length | Minimum number of characters required. Set to |
Maximum Length | Maximum number of characters allowed. Set to |
Forbid Repeating Characters | Prevents users from using the same character repeatedly in sequence. |
Max Repeating Characters | Number of times a character can repeat before it’s disallowed. (Default: 4) |
At Least One Lowercase | Requires at least one lowercase letter. |
At Least One Uppercase | Requires at least one uppercase letter. |
At Least One Number | Requires at least one numerical digit. |
At Least One Symbol | Requires at least one special character (for example: |
Example
A strong password policy might require:
A minimum length of 12 characters
At least one uppercase letter, one lowercase letter, one number, and one symbol
No more than three repeating characters in sequence
This ensures users create strong, hard-to-guess passwords.
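The example policy above, written out as a checker that reports which rules a candidate password breaks. This is an added illustration, not Rocket.Chat's own code: the policy field names, the `-1` "no limit" convention, and the definition of a symbol as any character that is not an ASCII letter or digit are assumptions.

```javascript
// Hypothetical policy object mirroring the example above; the field names
// are illustrative and are not Rocket.Chat setting IDs.
const examplePolicy = {
  minLength: 12,
  maxLength: -1,              // assumption: -1 means "no limit"
  maxRepeatingCharacters: 3,  // "no more than three repeating characters"
  requireLowercase: true,
  requireUppercase: true,
  requireNumber: true,
  requireSymbol: true,
};

// Returns the names of the rules the password violates (empty = compliant).
function checkPassword(password, policy) {
  const failures = [];
  // Count code points rather than UTF-16 units so an emoji counts once.
  const length = Array.from(password).length;

  if (policy.minLength > 0 && length < policy.minLength) failures.push('minLength');
  if (policy.maxLength > 0 && length > policy.maxLength) failures.push('maxLength');

  if (policy.maxRepeatingCharacters > 0) {
    // Reject a run of more than N identical consecutive characters.
    const run = new RegExp(`(.)\\1{${policy.maxRepeatingCharacters},}`, 'su');
    if (run.test(password)) failures.push('repeatingCharacters');
  }
  if (policy.requireLowercase && !/[a-z]/.test(password)) failures.push('lowercase');
  if (policy.requireUppercase && !/[A-Z]/.test(password)) failures.push('uppercase');
  if (policy.requireNumber && !/[0-9]/.test(password)) failures.push('number');
  // Assumption: a symbol is any character that is not an ASCII letter or digit.
  if (policy.requireSymbol && !/[^A-Za-z0-9]/.test(password)) failures.push('symbol');
  return failures;
}

// Constructed sample passwords, for illustration only.
for (const pw of ['Summer2024', 'Paaaassword!2024x', 'Tr4il-Mix-Lantern']) {
  const failures = checkPassword(pw, examplePolicy);
  console.log(pw, failures.length ? `rejected: ${failures.join(', ')}` : 'accepted');
}
```

Returning every failed rule rather than stopping at the first lets a sign-up or password-change form tell the user everything to fix in one pass.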
Set password history
You can prevent users from reusing their recently used passwords. To configure these settings, go to Administration > Workspace > Settings > Accounts > Password History.
Setting | Description |
---|---|
Enable Password History | When enabled, users cannot update their password to one of their most recently used passwords. |
Password History Length | Defines how many of the most recently used passwords are blocked from reuse. |
You can also view your workspace’s password policy using the REST API: Get Password Policy