Password policy
If users log in using SSO, their password policy is defined by their identity provider (IdP). Check your IdP's documentation for information on its password policy and configuration. This topic is only applicable to users that log in using the default Sitecore authentication.
The Sitecore Cloud Portal enforces the following password policy for users that log in using the default Sitecore authentication.
Password complexity
Team members' passwords must be at least eight characters and contain:
-
Uppercase letters (
A-Z), lowercase letters (a-z), and numbers (0-9). -
Non-alphanumeric characters such as
! @ # $ % ^ & *.
Do not include personal data such as the user's name.
Password history
Sitecore Cloud Portal does not store password history and passwords do not expire.
Multi-factor authentication
You can enable multi-factor authentication (MFA) to make unauthorized access to your organization more difficult. MFA works with any authenticator app such as Microsoft Authenticator or Google Authenticator.
Brute-force protection
After ten failed login attempts for single user from the same IP address:
-
The IP address will be blocked from logging in as that user for 30 days unless Sitecore Support unblocks the IP address.
-
The user will receive an notification email.