Setting password rules in the Enpass Admin Console

Under this policy, administrators can define their organization’s password policies including password-generation and expiry rules. Enpass application enforces these policies when new passwords are created with the Password Generator and flags any noncompliant passwords.

Password Policy

Adding Password Rules

When accessing the password policy settings for the first time, administrators will be prompted to add either:

  • Add Master Rule – A default rule that applies to all domains unless a specific rule exists.
  • Add Domain-Specific Rule – A customized rule for a particular domain, overriding the default rule.

Master Rule (Global Password Policy)

The Master Rule sets the baseline for password security in your organization. It applies everywhere unless overridden by a domain-specific rule

Add Default Rule

  1. Random Passwords
    • Minimum / Maximum Length – Control password length for stronger protection.
    • Uppercase Letters – Require at least one uppercase letter.
    • Digits – Ensure every password contains numbers.
    • Symbols:
      • All – Allow all symbols.
      • Include – Specify which symbols must be used.
      • Exclude – Block certain symbols that may cause issues on some websites.
  2. Pronounceable Passwords
    • Minimum / Maximum Words – Define how many words a password should contain.
    • Uppercase Letters – Require at least one uppercase letter.
    • Digits – Ensure every password contains numbers.

Password Expiry Rule

If password expiry after specific interval is a part of your organization password policy, this rule allows admin to specify the interval.

  • If Expiry is Disabled – Passwords remain valid indefinitely and never flagged expired.
  • If Expiry is Enabled – Administrators can specify expiry intervals after which the passwords will be flagged as expired in Enpass.

Domain-Specific Password Rules

Some websites have unique password requirements that might not align with your global policy. In these cases, you can set Domain-Specific Rules:

  • Add the website under Domain-Specific Rules.
  • Define the rules that match the site’s requirements.

These rules always take priority over the Master Rule for that domain, ensuring compatibility without compromising overall organizational security.

Related topics