Overview
This article explains the password policy that applies to all user accounts on the platform. Your password policy defines:
- what makes a password acceptable,
- which passwords are blocked,
- and when a password change may be required.
These rules protect user accounts while keeping everyday access simple and predictable.
What is the password policy?
The password policy sets the rules that passwords must meet to be accepted by the system. These rules are designed to balance account security with ease of use, following widely accepted security best practices.
Where do I find the Settings to create a password policy for my organization?
Go to: Settings > Roles & Security > Password Policy
What makes a password acceptable?
An acceptable password must meet the following criteria:
- Sufficient length
  Password strength is based primarily on length rather than complex character combinations.
- Not commonly used or predictable
  Passwords that are widely used, easy to guess, or follow common patterns are not allowed.
- Not known to be compromised
  Passwords that have appeared in known data breaches or password leaks are blocked.
These checks help ensure that passwords provide meaningful protection without forcing unnecessary complexity.
Why some passwords are blocked
Some passwords are not allowed because they are more likely to be guessed, reused, or already exposed.
Blocking these passwords:
- reduces the risk of unauthorized access,
- protects users even if the same password was used elsewhere,
- and improves overall account safety without requiring frequent resets.
This approach focuses on prevention, not punishment.
Below are examples of passwords that won’t be accepted anymore:
- Test123
- Test1234
- Password123
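The three acceptance checks (length, common or predictable, known compromised) can be written as a validator like the one below. This is an added illustration, not the platform's own code: the minimum length of 12, the word list, the substitution table and the breached-password set are assumed or constructed sample values.

```python
import hashlib
import re

MIN_LENGTH = 12  # assumed value; the article does not state the platform's minimum

# Constructed sample list standing in for a real common-password dictionary.
COMMON_BASE_WORDS = {"test", "password", "welcome", "qwerty", "admin"}

# Constructed stand-in for a breach corpus. Entries are kept as SHA-1 digests,
# used here only as lookup keys, never as a way to store user passwords.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("correcthorsebatterystaple", "iloveyou-iloveyou")
}

# Undo common character substitutions so "P@ssw0rd" is treated as "password".
LEET = str.maketrans("@01345$", "aoieass")


def is_predictable(password):
    """True for a common base word with digits/symbols appended, or near-constant input."""
    core = re.sub(r"[\d\W_]+$", "", password.lower())  # drop trailing digits/symbols
    if core.translate(LEET) in COMMON_BASE_WORDS:
        return True
    return len(set(password)) <= 2  # e.g. "aaaaaaaaaaaaaa" or "abababababab"


def check_password(password):
    """Return the list of policy violations; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if is_predictable(password):
        reasons.append("common_or_predictable")
    if hashlib.sha1(password.encode("utf-8")).hexdigest() in BREACHED_SHA1:
        reasons.append("known_compromised")
    return reasons


if __name__ == "__main__":
    for candidate in ("Test123", "Test1234", "Password123", "P@ssw0rd2024!",
                      "correcthorsebatterystaple", "violet-kettle-drifts-north"):
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
```

Returning every failed reason, rather than stopping at the first, is what allows a validation message to explain exactly why a password was rejected.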
When will users be required to change their password?
Users are not required to change their password on a fixed schedule.
However, a password change may be required if:
- There is evidence that the password has been compromised, or
- Security systems determine that the password is no longer safe to use.
Users whose passwords already meet the policy are not affected; only those with passwords that fall short of the requirements will be prompted to update.
Note for Admins: If you choose to update or increase the strictness of your portal's password policy, please be aware that any user who does not meet the new criteria will be immediately affected and required to update their credentials.
This ensures action is taken only when necessary, rather than interrupting users routinely.
What users will notice
When creating or updating a password, users may see:
- clear validation messages explaining why a password is accepted or rejected,
- guidance indicating when a password does not meet policy requirements.
Summary
The password policy is designed to:
- protect accounts using proven security principles,
- reduce unnecessary password changes,
- and make password requirements easier to understand and follow.
By focusing on strong, sensible rules, the platform helps keep accounts secure without adding friction to daily work.