Password policy updates

To meet the new PCI DSS 4.0 standards effective March 2025, we’ve updated our password policies. These changes include increasing the minimum password length and requiring regular password updates for users without two-factor authentication (2FA) or those in accounts without the “SSO Required” setting.

  • All users will be logged out at the time of release, except for those in accounts with “SSO Required”.
  • All passwords will be marked as expired, except for users with passwords longer than 12 characters and 2FA enabled.

Users will be redirected to a “Password change required” page upon login and will receive an email titled “Change your password” with instructions and a link to the password change page.

Passwords must now be updated every 90 days, unless you have MFA turned on, in which case the 90-day change requirement does not apply.