This page provides information about SmartHR's password policy.
If you have any questions about the password policy, please refer to the help page below.
In order to improve the security of SmartHR, a new recommended password policy has been put in place by SmartHR based on the opinions of various parties regarding passwords as of February 16, 2022.
In accordance with the changes to the password policy, all SmartHR users (including personnel in charge and employees) will be required to set a new password.
The period for transitioning to the new password policy is scheduled for February 16, 2022 to mid-May 2022.
The changes are as follows:
|Until February 15, 2022||From February 16, 2022||Remarks|
|Minimum password length||8 characters||10 characters||Change applies as of February 16, 2022|
|Maximum password length||72 characters||72 characters||-|
|Character type||No restrictions||No restrictions||-|
|Expiration date||Periodic changes should not be requested||Periodic changes should not be requested||-|
|Period in which consecutive password changes are not allowed||
|Prohibiting reuse of an old password||-||-||-|
|Banned passwords||-||Banned password (blacklist) settings use the API of an external database that can check whether the password has been leaked in the past||Change applies as of February 16, 2022|
|Incorrect password attempts until an account is locked||-||An account will be locked after 10 incorrect password attempts
(After 5 incorrect attempts, a “number of attempts remaining” message will be displayed)
Changed in May 2021
|Account lockout period||-||-||-|
About SmartHR's password policy
The SmartHR password policy balances user friendliness with the standards of the NIST (US government standards) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC).
Banned password (blacklist) settings use the API of an external database that can check whether the password has been leaked in the past.
Periodic changes should not be requested
See the article below to find out why SmartHR does not have a feature that requires its users to change their passwords periodically.
You will be locked out of your account after 10 incorrect password attempts.
After 5 incorrect attempts, a “number of attempts remaining” message will be displayed.
An account can be unlocked by personnel in charge or the employee can reset their password.
For more information, refer to the help page below.