Skip to main content
Druva Documentation

Create a Password Policy


A password policy is a set of rules that encourage the use of strong passwords for ensuring added data security. Druva supports password policies for the administrators. You can define a password policy such that:

  • It is at least 12 characters long and contains at least one letter [a-z, A-Z], one numeric character [0-9], and one special character
  • A given number of preceding passwords used to login cannot be reused
  • The number of login attempts is defined
    When this limit is reached, Druva locks the account for an hour.
  • Password is changed at regular intervals

Only a Druva Cloud administrator can set up a password policy.

Enable Password Policy for Administrators

To enable password policy for administrators, perform the following steps:

  1. Click the Druva logo logo.png to access the Global Navigation Panel > Druva Cloud Settings. The Settings window appears. 


  2. In the Password Policy section, click Edit. The Edit Password Policy window appears. 


    Provide the appropriate information for each field.
    Field Action

    Enable Password Policy

    If you want to enable password policy for the administrators, select this checkbox. Additional fields appear.

     This field is grayed out and enabled by default for inSync GovCloud customers.

    Enforce Strong Password

    If you want to enforce a strong password policy, select this check box.

    A strong password is:

    • Contains minimum 12 and maximum 64 characters
    • Contains a combination of alphanumeric and special characters
    • Alphanumeric characters include numbers and upper-case and lower-case letters

    A strong password is hard to guess for people with malicious intent and secures the login experience.

     This field is grayed out and enabled by default for inSync GovCloud customers.

    Cannot Reset Password To Last

    Type the number of previous passwords that the administrator cannot use.

    For example, if you enter 3, then the administrators cannot set their new password to the current password and the previous two passwords.

    To allow the administrators to use any of their last passwords except the current password, type 0.

    Note: If you disable the password policy at a later stage, the previous passwords history is erased permanently.

    Max Invalid Login Attempts

    Type the maximum number of login attempts.

    An administrator's account is locked after the number of invalid login attempts exceeds the number you specify here. 

    Passwords Expire Every Type the number of days after which the administrator must reset the password.

    The recommended value range is 1 to 99 days. 
  3. Click Save.
  • Was this article helpful?