Published on November 1, 2020.

One of the many responsibilities of a NetSuite Administrator is to configure an instance's password policy. It's easy enough to do, but also something that is easy to overlook.

To configure an instance's password policy, navigate to: Setup > Company > General Preferences

There are a lot of settings on the General Preferences form, but only three of them are relevant to the instance's password policy: Password Policy, Minimum Password Length, and Password Expiration In Days. Let's take a look at those settings.

Password Policy

There are three password policy options: Weak, Medium, and Strong.

When the Password Policy is set to Weak, the only requirement for passwords is that they are at least 6 characters long. It doesn't matter what a password consists of. For obvious reasons, this option is not recommended.

The Medium option increases the length requirement to 8 characters, and also requires that passwords consist of at least two character types. The character types are upper case letters, lower case letters, non-alphanumeric ASCII characters, and numbers.

With the Strong option, passwords must be at least 10 characters long, and must consist of at least three of the four character types. This is the default Password Policy for new instances.

Minimum Password Length

While the Password Policy determines the minimum length of passwords, you can use the Minimum Password Length to require longer passwords.

Password Expiration In Days

It's also possible to require that users update their passwords periodically. By default, that's 180 days. But you can use this setting to adjust the frequency, and extend it as far out as 365 days.