Password Security

See how to determine security policies for your organisation.

Password Security allows users to set the security levels for both Mobile Users and Secondary Logins for both the website and mobile app.  The security level can be set for the whole account, or can be broken down to User Group or individual Mobile User level.

Password Policies

 Low SecurityMedium SecurityHigh Security
What is the minimum length a password can be?2 characters6 characters8 characters
Can the password be changed by the user?YesYesYes
How many failed login attempts can there be before a user is locked out?N/A53
How long before a password expires, and it needs to be changed?N/A90 days60 days
Will the user need to change their password after it has been changed by an administrator?YesYesYes
Do the user need to change their password when logging in for the first time?YesYesYes
Are there any restrictions on the password a user can use?NoYes - cannot use any of the 5 previous passwordsYes - cannot use any of the 5 previous passwords


Setting the Security Level

Account Level

The Security Level of a WorkMobile account can be set through the Settings page. All User Groups, Mobile Users and Secondary Logins that are created once the Account Security Level has been set will default to this Security Level. The Account Holder password will also be subject to the password policies of the selected Security Level.


User Groups Level

Within each User Group there will be an option to select the Security Level. This level will then be applied to all Mobile Users within this User Group.


Mobile User Level

Mobile Users will, by default, inherit the Security Level of the User Group they are in. However, individual Mobile Users can have a different Security Level selected through the Mobile User Edit page.


Secondary Login Level

The Security Level for a Secondary Login will by default match the level set for the Account Holder but similarly to Mobile Users, a different Security Level can be set for a Secondary Login when accessing the Secondary Login Edit page.


Moving Mobile Users into different User Groups

When moving a Mobile User into a new User Group, if the User Group has a higher Security Level than the Mobile User currently has then the Mobile User’s Security Level will be updated. If a Mobile User is moved into a User Group with a lower Security Level than their existing one, the Mobile User will keep the higher Security Level.


Consecutive Failed Logons

When accessing the edit page for a Mobile User or Secondary Login, portal users will be able to see a Consecutive Failed Logons counter. This number will increase with each failed login attempt until the user either:

  • Successfully logs in (Number will reset to 0)
  • Is deactivated or activated (Number will reset to 0)
  • Reaches the maximum number of failed logins - see the Password Policy for details (User will show as Deactivated)