You can manage your Password Policies across each different portal or area of the system separate, meaning that you can have different settings for Candidates, Hiring Managers, Vendors or Core Users.

To begin managing your Password Policy, select Admin > Security Settings, then the area of the system you with to update:

  • Candidates
  • Standard Users
  • Hiring Managers
  • Vendors

To jump to a specific section in this article, please use the links below:

Password Policy

When managing your Password Policy, the first setting is the minimum password length. This dictates the number of characters that need to be used when entering a new password.


You can also decide whether a Strong or Very strong password is required:

  • Very Strong - This means that the password must include at least one:
    • Number - 0-9
    • Uppercase letter - A-Z
    • Lowercase letter - a-z
    • Special Character - !"£$%^&*()
  • Strong - This means that the password must include any three of the following four options:
    • Number - 0-9
    • Uppercase letter - A-Z
    • Lowercase letter - a-z
    • Special Character - !"£$%^&*()

Note - A minimum of 6 characters and a strong password are the default options for all areas of the system.

Password History

After determining the strength / length, you can then control how many times a candidate can re-use an old password & dictate how often it expires.


  • Enforce Password History - this setting will control if / when a user can re-use a previously expired password. For example, if the password is Eploy123 and the history setting is 1, this means that they will be able to reuse the password after using one different one. If set to 0, the user will be able to use the same password even after it has expired. 
  • Maximum Password Age - this setting determines how often the user needs to reset their password, in days. If you require candidates to change their password every 90 days, set 90 here. Once it expires, based on the enforced password history setting (above), they can then either create a new password, or confirm their existing password (if set to 0).

The final settings for the password include the ability to reset their password if forgotten or save their usernames in the browser:


  • Remember Username - This will allow the username to remain saved in the browser, using a cookie. This means that the next time they return to the portal, the username will be pre-populated and they will only need to enter their password.
  • Allow Autocomplete - This setting allows passwords to also be saved in the browser, meaning logging in is even easier for the user.
  • Allow Forgot Password - This will show a link on the log in page, which allows the user to trigger the password retrieval process. 

Note - If using a single sign on process, you should not allow users to reset their password.

Powered by Zendesk