Password Policy

Subject:: 労務管理プラン人事・労務エッセンシャルプランプロフェッショナルプラン¥0プランタレントマネジメントプランHRストラテジープラン

This page provides information about SmartHR's password policy.

If you have any questions about the password policy, please refer to the help page below.

Tips

In order to improve the security of SmartHR, a new recommended password policy has been put in place by SmartHR based on the opinions of various parties regarding passwords as of February 16, 2022.

[Reference] [Update information] Changes to the password policy

In accordance with the changes to the password policy, all SmartHR users (including personnel in charge and employees) will be required to set a new password.

The period for transitioning to the new password policy is scheduled for February 16, 2022 to mid-May 2022.

The changes are as follows:

	Until February 15, 2022	From February 16, 2022	Remarks
Minimum password length	8 characters	10 characters	Change applies as of February 16, 2022
Maximum password length	72 characters	72 characters	-
Character type	No restrictions	No restrictions	-
Expiration date	Periodic changes should not be requested	Periodic changes should not be requested	-
Period in which consecutive password changes are not allowed	-	-	-
Prohibiting reuse of an old password	-	-	-
Banned passwords	-	Banned password (blacklist) settings use the API of an external database that can check whether the password has been leaked in the past	Change applies as of February 16, 2022
Incorrect password attempts until an account is locked	-	An account will be locked after 10 incorrect password attempts (After 5 incorrect attempts, a “number of attempts remaining” message will be displayed)	Changed in May 2021 [Reference] May 24, 2021 Accounts will now be locked after multiple failed login attempts
Account lockout period	-	-	-

Table of contents

About SmartHR's password policy
Password length
Character type
Banned passwords
Expiration date
Account lockout

About SmartHR's password policy

The SmartHR password policy balances user friendliness with the standards of the NIST (US government standards) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC).

Password length

10 characters

Character type

No restrictions

Banned passwords

Banned password (blacklist) settings use the API of an external database that can check whether the password has been leaked in the past.

Expiration date

Periodic changes should not be requested

Account lockout

You will be locked out of your account after 10 incorrect password attempts.

After 5 incorrect attempts, a “number of attempts remaining” message will be displayed.

An account can be unlocked by personnel in charge or the employee can reset their password.

For more information, refer to the help page below.

:::