The purpose of this Password Policy is to ensure that all user accounts are protected with strong, secure passwords that reduce the risk of unauthorized system access and safeguard organizational and user data.
This policy applies to:
All users accessing the application
All modules, services, and pages where a login or password update is required
Both internal and external users of the system
Password length must be greater than 8 and less than 15 characters.
The password must contain at least the following:
One uppercase letter (A–Z)
One lowercase letter (a–z)
One numeric digit (0–9)
One special character, such as: @, #, $, %, &, *, !
The password must not contain the username or email address.
The password must not contain simple or common patterns, such as:
123456
password
qwerty
The password must not contain more than 3 repeating characters in sequence, such as:
aaaa
1111
!!!!
The user cannot reuse previously used passwords.
The system will validate against previously stored passwords and reject repeated values.
The Confirm Password field must match the Password field exactly.
Mismatched passwords will show a validation error.
When the user types a password, green success indicators appear below the password field:
Length condition met
Uppercase present
Lowercase present
Number present
Special character present
If any requirement fails, the corresponding rule remains inactive.
If the password does not meet the policy, the system displays:
Password does not meet the password policy requirements.
If the confirmation does not match:
Confirm Password must match the Password.
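One way to implement the checks above on the client, as an added example that is not the application's own code. The function name `checkPassword`, its reason strings and the special-character set (limited to the seven characters listed) are assumptions, and the password-history check is left to the server because it needs the stored values.

```javascript
// Added example: thresholds and messages follow the policy text; names are hypothetical.
const COMMON_PATTERNS = ["123456", "password", "qwerty"]; // the three listed in the policy
const SPECIALS = /[@#$%&*!]/; // assumption: only the characters the policy lists

function checkPassword(password, confirm, user = {}) {
  const lower = password.toLowerCase();
  // Identity strings the password must not contain (compared case-insensitively).
  const identity = [user.username, user.email]
    .filter((s) => typeof s === "string" && s.length > 0)
    .map((s) => s.toLowerCase());

  // The five live indicators shown under the password field.
  const indicators = {
    length: password.length > 8 && password.length < 15, // i.e. 9 to 14 characters
    uppercase: /[A-Z]/.test(password),
    lowercase: /[a-z]/.test(password),
    number: /[0-9]/.test(password),
    special: SPECIALS.test(password),
  };

  // Failed indicators first, then the rules that have no indicator of their own.
  const reasons = Object.keys(indicators).filter((k) => !indicators[k]);
  if (identity.some((s) => lower.includes(s))) reasons.push("contains-identity");
  if (COMMON_PATTERNS.some((p) => lower.includes(p))) reasons.push("common-pattern");
  // "More than 3 repeating characters": the same character 4 or more times in a row.
  if (/(.)\1{3,}/su.test(password)) reasons.push("repeated-characters");

  // The policy message takes precedence; the mismatch message is shown only
  // when the password itself is acceptable.
  let message = null;
  if (reasons.length > 0) {
    message = "Password does not meet the password policy requirements.";
  } else if (password !== confirm) {
    message = "Confirm Password must match the Password.";
    reasons.push("mismatch");
  }
  return { ok: message === null, indicators, reasons, message };
}
```

The same function should run again on the server before the password is stored, since client-side checks can be bypassed.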
This policy ensures:
Strong user credentials
Reduced chances of unauthorized system access
Compliance with industry-level security practices
Protection of sensitive user and system information
Every password update may be logged with:
User ID
Time of password change
Result (Success / Failed)
Reason (Policy violation, mismatch, etc.)