Secure password configuration

Require all users of a team to set strong, complex passwords.

Written by Ilya Krukowski
Updated over a week ago

This feature is available on the Enterprise plan.

Secure password configuration allows you to define custom password policies for all users of the team. With this feature you can be sure that all members of the team use strong passwords and change them on a regular basis.


Getting started

To get started with this feature, you must be a team owner, biller, or an admin.

Click on the avatar in the bottom left corner and choose Team settings:

Proceed to the Advanced security tab and tick the Enable Secure password configuration option:

Now you'll need to define your password policy.

Defining password policy

After enabling the secure password configuration, you're going to see the following options:

  • User password expires in: how often users will be prompted to change their passwords. When a password expires, users will be prompted to change it upon the next login. Available values:

    • 30 days

    • 60 days

    • 90 days

    • 180 days

  • Remember password history: when this option is enabled, Lokalise will remember the last passwords each user has set and won't allow them to re-use the same passwords. Available values range from 1 to 10 remembered passwords.

  • Minimum password length (from 8 to 255 characters): the minimum number of characters a password must have.

Please note that the Complexity option has been removed because all passwords must now meet the following requirements:

  • Has a lowercase character

  • Has an uppercase character

  • Has a non-alpha character

  • The password cannot be the same as the user's email

  • The password has not appeared in a database of compromised passwords

Previously some of these requirements could be turned off, but this is not the case anymore. This change has been introduced to increase the overall security level.

Secure password configuration enforced for the users

Existing users

After you have defined a password policy, it will be enforced for all users of the team. If a user's password does not meet the new requirements, that user will not be able to access the corresponding team. Upon logging in, they will see the following screen:

After clicking the Change password button, the user will be brought to their personal profile and asked to change the currently set password. All password requirements according to the defined policy are summarized at the top of the dialog box:

All users will also receive notification emails with a "change password" link:

An admin who changes the secure password configuration settings will be required to change their password on the next login. Until they do, they will see a message prompting them to change the password:

After changing the password to a proper one, the user will be able to continue working within the team.

New users

If a new user joins a team with the secure password configuration enabled, they will also be prompted to set a password according to the defined policies:

Edge cases and more complex scenarios

  • A user can be a member of multiple teams. Some teams may enforce secure passwords whereas other teams may have this feature disabled. If the user's password does not meet the enforced requirements, s/he will be able to work only within the teams that do not require strong passwords. To enter other teams, this user must change his/her password.

  • If a user is a member of two teams with different policies configured, these policies are combined and the user will have to comply with the most restrictive rules in order to work in both teams. For example, suppose John is a member of two teams with the following policies:

    • Team A: the password must include letters and numbers and be at least 10 characters long

    • Team B: the password must include letters and special symbols and be at least 8 characters long

      If John's password contains letters and special symbols and is 9 characters long, John will be able to work within Team B but not within Team A. However, if his password contains letters, special symbols and numbers and is 11 characters long, John can work in both teams.

  • If you add an already registered user to your team with the secure password configuration enabled and this user has a very weak password (one that does not meet the requirements), this user will not be forced to change their password. This is because, in line with security standards, our system never knows the user's actual password. Therefore, we cannot "understand" whether the existing password of a newly joined user is "better" or "worse" than the minimal policy requirements. However, if you disable and then re-enable the secure passwords feature, users will be forced to change their passwords.

    • This limitation applies only to already registered users that you invite to the team. It does not apply to new users that are not yet created in our system.

    • Therefore, our recommendation is to invite new users who do not have a Lokalise account yet. An alternative is to enable the setting that rotates passwords inside a team (Remember password history), so that the passwords of all affected users are updated on the next rotation.

  • If you move a project from a team without the secure passwords feature enabled to a team with a password policy in place, all contributors of this project will be required to change their passwords (if their current passwords do not meet the requirements). This is because moving the project between teams also moves the project contributors.
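The following Python model, added here as an illustration and not Lokalise's own code, shows how the always-on requirements from the "Defining password policy" section (lowercase, uppercase, non-alpha, not equal to the email, not in a compromised-password database) combine with the configurable options (minimum length, password history) and how two teams' policies merge so that the most restrictive value of each option wins, as in the Team A / Team B example above. The `require_digit` and `require_special` flags, the `PasswordPolicy` class and the `COMPROMISED` set are assumptions made for the example; the compromised-password set and the history hashes are constructed sample data, not real breach data.

```python
"""Model of the secure password configuration described on this page:
the always-on baseline requirements, the configurable team options, and
the "most restrictive wins" merge for users in several teams.
Added example, not Lokalise code."""
from dataclasses import dataclass
import hashlib
import string


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 8        # page: 8 to 255 characters
    expires_days: int = 90     # page: 30, 60, 90 or 180 days
    history_size: int = 0      # page: 1 to 10 remembered passwords; 0 = off
    # Hypothetical team-level extras, modelled on the page's Team A / Team B example
    require_digit: bool = False
    require_special: bool = False


def merge_policies(policies):
    """Combine several teams' policies so the strictest value of each option wins."""
    return PasswordPolicy(
        min_length=max(p.min_length for p in policies),
        expires_days=min(p.expires_days for p in policies),
        history_size=max(p.history_size for p in policies),
        require_digit=any(p.require_digit for p in policies),
        require_special=any(p.require_special for p in policies),
    )


def sha1_hex(text):
    # Unsalted SHA-1 only makes the offline demo comparable; real password
    # storage uses a slow, salted hash (bcrypt, scrypt or argon2).
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


# Constructed stand-in for a compromised-password database (not real breach data).
COMPROMISED = {sha1_hex(p) for p in ("Password1!", "Welcome123!", "Qwerty!2024")}


def check_password(password, email, policy, history_hashes=(), compromised=COMPROMISED):
    """Return a list of policy violations; an empty list means the password is accepted."""
    problems = []
    # Baseline requirements from the page: always enforced, cannot be turned off.
    if not any(c.islower() for c in password):
        problems.append("no lowercase character")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase character")
    if not any(not c.isalpha() for c in password):
        problems.append("no non-alpha character")
    if password.strip().lower() == email.strip().lower():
        problems.append("password equals email")
    if sha1_hex(password) in compromised:
        problems.append("found in compromised-password database")
    # Configurable options from the team policy.
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_digit and not any(c.isdigit() for c in password):
        problems.append("no digit")
    if policy.require_special and not any(c in string.punctuation for c in password):
        problems.append("no special symbol")
    # Remember password history: reject any of the last N remembered hashes.
    recent = list(history_hashes)[-policy.history_size:] if policy.history_size else []
    if sha1_hex(password) in recent:
        problems.append(f"re-uses one of the last {policy.history_size} passwords")
    return problems


if __name__ == "__main__":
    team_a = PasswordPolicy(min_length=10, require_digit=True)
    team_b = PasswordPolicy(min_length=8, require_special=True)
    both = merge_policies([team_a, team_b])
    for pw in ("Abc!defgh", "Abc!defgh12"):
        for name, pol in (("Team A", team_a), ("Team B", team_b), ("merged", both)):
            print(f"{pw!r} vs {name}: {check_password(pw, 'john@example.com', pol) or 'OK'}")
```

Running the script reproduces the page's scenario: the 9-character password passes Team B but fails Team A on length and the missing digit, while the 11-character password with a digit passes both teams and the merged policy. The merge takes the maximum of length and history size and the minimum of the expiry interval, which is what "comply with the most restrictive rules" means in practice.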
