Password policy
If team members log in using SSO, their password policy is defined by their identity provider (IdP). Check your IdP's documentation for information on its password policy and configuration. This topic is only applicable to team members that log in using the default Sitecore authentication.
The Sitecore Cloud Portal enforces the following password policy for team members that log in using the default Sitecore authentication.
Password complexity
Team members' passwords must be at least eight characters and contain:
-
Uppercase letters (
A-Z), lowercase letters (a-z), and numbers (0-9). -
Non-alphanumeric characters such as
! @ # $ % ^ & *. -
No personal data.
Password history
Sitecore Cloud Portal does not store password history and passwords do not expire.
Multi-factor authentication
You can enable multi-factor authentication (MFA) to make unauthorized access to your organization more difficult. MFA works with any authenticator app such as Microsoft Authenticator or Google Authenticator.
Brute-force protection
After ten failed login attempts for single team member from the same IP address:
-
The IP address will be blocked from logging in as that team member for 30 days unless Sitecore Support unblocks the IP address.
-
The team member will receive an notification email.