By default, Gladly doesn’t automatically expire a user’s password or compel them to change it after a set number of days. But we understand that some organizations need this to comply with regulatory requirements or internal security policies.
Set password expiration policy
Gladly can help you configure a 90-day password expiration policy for your users. Should you need a more custom policy than this, we highly recommend investing in an SSO solution.
Manually reset user passwords
In the event of a security incident, it’s prudent for a company to initiate a company-wide password reset for all its users; this helps prevent a malicious user from logging in to and misusing Gladly.
Users can request to reset their passwords by clicking on the "Forgot Password" link on the Gladly login page.
Password restrictions
Gladly imposes a few restrictions on the composition and structure of passwords to ensure the passwords you and your fellow users adopt are as secure as can be.
To be accepted, a password must:
Have at least one lowercase character
Have at least one uppercase character
Have at least one number
Have at least one special character
Be at least 8 characters long
Be different from your last 4 passwords
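The rules above can be expressed as a pre-check, for example in a provisioning script or a training tool. This is an added example and not Gladly's own code: the definition of "special character", the PBKDF2 parameters and the salted-hash history store are assumptions.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8           # "Be at least 8 characters long"
HISTORY_DEPTH = 4        # "Be different from your last 4 passwords"
PBKDF2_ROUNDS = 100_000  # assumption: work factor chosen for this example


def hash_password(password, salt=None):
    """Return (salt, digest) so history is kept as salted hashes, never plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def password_violations(password, history=()):
    """List every rule the candidate breaks; an empty list means it is accepted.

    history: (salt, digest) pairs from hash_password(), oldest first.
    """
    violations = []
    if not any(c.islower() for c in password):
        violations.append("needs a lowercase character")
    if not any(c.isupper() for c in password):
        violations.append("needs an uppercase character")
    if not any(c.isdigit() for c in password):
        violations.append("needs a number")
    # Assumption: "special" means anything that is not a letter, digit or whitespace.
    if not any(not c.isalnum() and not c.isspace() for c in password):
        violations.append("needs a special character")
    if len(password) < MIN_LENGTH:
        violations.append(f"must be at least {MIN_LENGTH} characters long")
    # Re-hash the candidate with each stored salt; compare in constant time.
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            violations.append(f"matches one of the last {HISTORY_DEPTH} passwords")
            break
    return violations


if __name__ == "__main__":
    # Constructed sample passwords, oldest first; only the last four count.
    past = [hash_password(p) for p in
            ("Spring2021!x", "Summer2021!x", "Autumn2021!x", "Winter2021!x", "Spring2022!x")]
    for candidate in ("Myfavorite5ong!", "Summer2021!x", "Spring2021!x", "short1!"):
        print(candidate, "->", password_violations(candidate, past) or "accepted")
```

Reporting every violation at once, rather than stopping at the first, lets a user fix a rejected password in one attempt.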
Guidance on password policies
Consider having a passphrase instead of a password
A passphrase is a password comprising a sequence of words with numbers and/or symbols (e.g., Myfavorite5ong!). A passphrase has the benefit of being easier to remember yet complex enough that it isn’t easily guessed.
Change your password periodically
As a general rule, we recommend changing your password every 90 days. You may even want to implement different policies based on the user level; for example, an Administrator or Team Manager should change their password more often than an Agent or Agent Plus since they have more privileges within Gladly.
Have regular training and publicize procedures around safe password management
Proper training is key to a safe and secure Gladly. Hold regular training sessions for users to inform and reinforce safe password management practices, like never writing down a password, not using automatic login functionalities, and never giving or asking for another user’s password.
Companies should also never ask users for their passwords, and should make it clear to users that they will never ask them, or Gladly, to provide their usernames or passwords for any purpose.
Have a contact person or team that users can report suspicious behavior to
If users receive any suspicious requests or notice any unusual activity, they should be able to report those incidents to a specific person or team within the company.