How do password policy and password management work in BoldSign?

BoldSign allows administrators to configure password requirements and password rules for all users in the organization. These settings help enforce strong credentials, improve account security, and reduce unauthorized access.

Configure Password Requirements

Password Requirements define the complexity rules users must follow when creating or updating their passwords. Administrators can choose from predefined levels or create a custom configuration.

To configure password requirements

  1. Go to Settings.
  2. Select Business Profile.
  3. Locate the Password Requirements section.
  4. Choose a complexity level.
  5. Click Save changes.
    All users in your organization must follow the selected password complexity when creating or updating their passwords.

Password Requirement Options

Basic
Minimum security. Requires at least 8 characters with no character type restrictions.

Standard (default)
Requires a minimum of 8 characters, including uppercase and lowercase letters, numbers, and special characters. This option provides a balanced level of security and is recommended for most organizations.

Strong
Requires at least 12 characters with uppercase and lowercase letters, numbers, and special characters. Suitable for organizations that require higher security.

Custom
Allows you to define your own password complexity by setting a minimum length between 8 and 32 characters and choosing whether to require:

  • Uppercase letters (A–Z)
  • Lowercase letters (a–z)
  • Numbers (0–9)
  • Special characters

Use this option if your organization has specific security or compliance requirements.

Configure Password Rules

Password Rules control how passwords are managed over time, including expiration, reuse restrictions, and account lockout settings.

To configure password rules

  1. Go to Settings and select Business Profile.
  2. Locate the Password Rules section.
  3. Choose a policy: Basic (default), Standard, Strict, or Custom.
  4. Click Save changes.
    These rules apply to all users in your organization.

Password Rule Options

Basic (default)
Designed for low-risk environments, this option does not enforce password expiration, allows password reuse, and locks the account after 5 failed login attempts.

Standard
Designed for organizations that require balanced security, this option enforces password expiration every 180 days, prevents reuse of the last 3 passwords, and locks the account after 5 failed login attempts.

Strict
Designed for high-security environments, this option enforces password expiration every 90 days, prevents reuse of the last 5 passwords, and locks the account after 3 failed login attempts.

Custom
Designed for organizations with specific security or compliance requirements, this option allows you to configure the following:

  • Password expiration period (30–180 days)
  • Password reuse history (1–10 previous passwords)
  • Account lockout threshold (1–10 failed login attempts)

How Each Setting Works

Password Expiration
Forces users to update their password after a specified number of days.

Password Reuse
Prevents users from reusing recently used passwords, encouraging stronger password practices.

Account Lockout Threshold
Temporarily locks the account after multiple failed login attempts to protect against unauthorized access.

Password Expiration and Update

If password expiration is enabled, users are required to update their password when it expires. Access to the account is restricted until a new password is set.

Change Expired Password Page

When users are prompted to update their password during sign-in:

  1. Enter a New Password.
  2. Re-enter the same password in Confirm Password.
  3. Click Set New Password to save the changes.

The password must meet the organization’s password requirements and must not match any recently used passwords (if reuse restrictions are configured).
After the password is updated successfully, users will be redirected to the login page and can sign in using their new password.

When Password Policies Apply

The configured Password Requirements and Password Rules are enforced across all user password actions. Users must comply with the organization’s password policy in the following scenarios:

  • Changing their password from the account settings
  • Updating an expired password
  • Resetting the password using the Forgot Password option
  • Setting a password for the first time after accepting a user invitation

If the entered password does not meet the configured requirements or reuse restrictions, the user will be prompted to create a password that complies with the organization’s policy.
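
The two checks described above (complexity level, then reuse history) can be modelled as a short pre-check, for example to test candidate passwords against a chosen policy before rolling it out. This is an added example, not BoldSign code; the special-character set, the salted PBKDF2 history format, and all names are assumptions.

```python
import hashlib
import hmac
import string
from dataclasses import dataclass

SPECIALS = set(string.punctuation)  # assumption: the article does not list the accepted set

@dataclass(frozen=True)
class Requirements:
    min_length: int
    upper: bool = False
    lower: bool = False
    digit: bool = False
    special: bool = False

    def __post_init__(self):
        # The Custom level accepts a minimum length between 8 and 32.
        if not 8 <= self.min_length <= 32:
            raise ValueError("minimum length must be between 8 and 32")

# Predefined levels as the article describes them.
BASIC = Requirements(8)
STANDARD = Requirements(8, True, True, True, True)
STRONG = Requirements(12, True, True, True, True)

def violations(password, req):
    """Return the complexity rules that the password fails."""
    checks = [
        (len(password) >= req.min_length, f"at least {req.min_length} characters"),
        (not req.upper or any(c in string.ascii_uppercase for c in password), "uppercase letter"),
        (not req.lower or any(c in string.ascii_lowercase for c in password), "lowercase letter"),
        (not req.digit or any(c in string.digits for c in password), "number"),
        (not req.special or any(c in SPECIALS for c in password), "special character"),
    ]
    return [rule for ok, rule in checks if not ok]

def stored_hash(password, salt):
    # Assumption: history entries are salted PBKDF2 hashes, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_change(password, req, history, reuse_depth):
    """history: (salt, hash) pairs, newest first. reuse_depth 0 means reuse is allowed."""
    problems = violations(password, req)
    recent = history[:reuse_depth]
    if any(hmac.compare_digest(stored_hash(password, s), h) for s, h in recent):
        problems.append("recently used password")
    return problems
```

An empty list from check_change means the candidate password satisfies both the selected requirements and the reuse restriction.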
