Password Requirements and Expiration

See Also: Multifactor Authentication and Single Sign On Integrations


LegalServer enforces the following requirements for user account passwords.

  • Must have at least 1 letter and 1 number
  • Minimum length is 12 characters
  • Cannot be a series of letters ending with either 1, 12, 123, or 1234
  • Cannot be 1234abcd or 1234qwerty
  • Special characters like ! @ # $ % ^ & * ( ) { } are supported. And probably encouraged by your agency.

Site administrators can add additional requirements on the Admin > Site Settings page in the Security Settings section:

  • Passwords must contain least one upper case character
  • Passwords must contain at least one lower case character
  • Passwords must contain at least one special character

Changing any or all of these options to "Yes" will only affect newly chosen passwords.

Expiring Passwords

LegalServer does not expire passwords by default. Password expiration is no longer recommended by NIST (SP 800-63B Section

Site administrators can change this on the Admin > Site Settings page.

Users with an expired password are taken to the "Change Password" page after logging in with an expired password.

Note: Selecting a password expiration takes effect immediately and applies retroactively. For example, if a site is not using password expiration then selects 90 days, all users who have not changed their password in 90 days will be forced to change their password on the next login.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us