> ## Documentation Index
> Fetch the complete documentation index at: https://domoinc-openapi-sync-dataflows.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Setting Password Requirements

## Intro

You can set password requirements for Domo to enforce when users create or change passwords. You can only do this if you have an "Admin" default security role or a custom role with "Manage All Company Settings" enabled.

For more information about default security roles, see [Managing Custom Roles](/s/article/360043438973 "Security Role Reference").

To set user password requirements, do the following:

1. In the navigation header, select
   **More** **> Admin**.

The **Admin Settings** displays.

2. Select
   **Authentication** > **Authentication**.

3. Set the password requirements you want when users create or change passwords.

<Tip>
  **Tip:** Set reasonable password requirements, keeping in mind that users accessing Domo on a mobile device sign in using a keypad.
</Tip>

4. Select
   **Save**.

Password requirements you can set include the following:

<table border="1" cellpadding="1" cellspacing="1" data-aura-rendered-by="33:201;a"><thead><tr><th colspan="1" rowspan="1"><p> Name </p></th><th colspan="1" rowspan="1"><p> Description </p></th></tr></thead><tbody><tr><td colspan="1" rowspan="1"><p> Enable password length check </p></td><td colspan="1" rowspan="1"><p> Sets whether Domo checks password length. When enabled, the <b> Minimum Password Length </b> field displays, which sets the minimum number of characters that passwords must contain. </p></td></tr><tr><td colspan="1" rowspan="1"><p> Must contain UPPERCASE characters (A-Z) </p></td><td colspan="1" rowspan="1"><p> Sets whether passwords must contain uppercase characters. </p></td></tr><tr><td colspan="1" rowspan="1"><p> Must contain lowercase characters (a-z) </p></td><td colspan="1" rowspan="1"><p> Sets whether passwords must contain lowercase characters. </p></td></tr><tr><td colspan="1" rowspan="1"><p> Must contain digits (0-9) </p></td><td colspan="1" rowspan="1"><p> Sets whether passwords must contain numbers. </p></td></tr><tr><td colspan="1" rowspan="1"><p> Must contain non-alphanumeric characters (!,@,#,&) </p></td><td colspan="1" rowspan="1"><p> Sets whether passwords must contain characters besides alphabet and number characters. </p></td></tr><tr><td colspan="1" rowspan="1"><p> Enable account lock </p></td><td colspan="1" rowspan="1"><p> Sets whether Domo allows account locking. When enabled, the <b> Accounts lock after <em> # </em> invalid login attempts </b> field displays, which sets the number of invalid attempts to sign in before the account is locked. </p></td></tr><tr><td colspan="1" rowspan="1"><p> Enable password expiration </p></td><td colspan="1" rowspan="1"><p> Sets whether Domo allows account locking. When enabled, the <b> Passwords expire in <em> # </em> days </b> field displays, which sets the number of days after passwords are created or changed when users must change their password. <br /> Users are prompted to change their password before it expires (daily, 14 days before expiration). </p></td></tr></tbody></table>

## Password Blocklist (Beta)

Enterprise customers can restrict their users from using specific passwords by creating a blocklist. This can be valuable if you've had unauthorized credential usage and to limit use of passwords commonly assigned within your organization. Entries in the blocklist include passwords that do not meet the requirements you set, as mentioned above, and a growing list of the most commonly used global passwords. Entries within the blocklist are not permitted when a user creates or changes their password, but they do not impact passwords currently in use.

These settings only apply to Domo accounts passwords and do not impact your IdP account.

If you are interested in this feature, please contact your Customer Success Manager (CSM).
