Adjusting the Passwords Policy Settings

Docebo has introduced a new, more secure, password policy to enhance your platform’s security.

Some settings will be automatically applied to the new LMS but  you will always be able to change some of the settings through the related options in the Admin – Advanced settings – Password tab.

password policy

In the new LMS, passwords must contain at least 6 characters. You can change this option by editing the value in the Password length, minimum number of characters field.

Schermata 2015-12-01 alle 12.35.53

Passwords cannot solely contain sequences or repeated characters (i.e., 12345678, 222222, abcdefg) OR adjacent key placement (qwerty).  The passwords cannot be COMMON password terms like ‘password’, ‘password123’, ‘changeme’, ‘admin’, ‘administrator’, etc. These policies are forcibly applied across all the platforms.

If the passwords are generated by the system, the user will be required to change it at first login. This option is used if you are synchronizing your users with a Salesforce Database, otherwise the system does not generate any passwords.

Please note that the users’ creation process through APIs is not affected by these rules.

Here you can find some suggestions and best practices to enhance the security of your LMS:

-Users must be required to change their password periodically (minimum 2 times per year).  Manage this through the following option:


Allow users to reset their password through an automated system. Remember: once a user is logged in they will always have the option of changing their password by clicking on the menu icon.

Schermata 2015-12-01 alle 13.08.38

If they are not logged in they can retrieve a forgotten password through the lost password link.

Schermata 2015-12-01 alle 14.41.43
– Do not allow passwords that contain personal information (person’s name, birthday, passport number, userID, family name, pet, etc.).
– Passwords are not usually recognizable from a dictionary, i.e., password-cracking programs typically use words from a dictionary to guess a password. However, Docebo allows you to activate the Password dictionary check whereby the system performs a test using a collection of common passwords and English words.

Password policy check
– Block access to a user’s account after 10 failed password tries, with a warning note before the last attempt. Docebo allows you to set up a more restrictive policy by managing the number of attempts in this area: Admin – Advanced Settings – Users.

If the maximum number of failed attempts is reached, the user is blocked from accessing the system for one hour.  Remember: there is not a way to manually reset the counter from the admin side.


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk