The following minimum password standards are used by default for all user/administrator
passwords within the OrangeHRM application.
|Password Strength Calculation||Medium|
|Minimum Number of Characters||8|
|Password Expire After||90 days|
|Account lockout Threshold||10 attempts|
|Captcha Threshold||3 attempts|
|Account Unlock Period||1 hour|
Note - Clients need to make a special request through a higher authority should they wish to amend any of the above settings as below.
Password Strength Calculation Logic
- The password strength is calculated by considering how much time it would
computationally take to identify the password
- The following table shows how the strength is defined based on the time that takes to
break the password
Password Strength Color Codes
In the system, when a user changes a password or adds a new password, the following color
codes are shown to indicate the strength of the password.
The below image shows the password field when the user types the password.
Other validations related to the password field appears below the strength validation. The help
text shown above assists the user in creating strong passwords "For a Strong Password, Please
use a hard to guess the combination of text with upper and lower case characters, symbols and
- The following matrix show some password examples and their strength levels
- Using symbols, numbers, uncommon text and higher length of text, increases the
password strength. Using simple common words (even though some letters replaced by
the symbols), names decrease the strength of the password.