As a user management admin, you can enforce password requirements to protect your users’ managed Google Accounts and meet your organization’s compliance needs.
You can also see which of your users’ passwords are weak by monitoring their password strength.
Help keep user accounts secure:
- Require a strong password—You can force users with weak passwords to change them. You can also require a certain number of characters for passwords.
- Prevent users from reusing old passwords.
- Explain the importance of strong passwords—To help users create strong passwords, share these password.
Set password requirements:
1. Sign in to your Google Admin console.
2. From the Admin console Home page, go to Security >> Password management.
3. On the left, select the organizational unit where you want to set the password policies.
For all users, select the top-level organizational unit. Otherwise, select another organization to make settings for its users. Initially, an organization inherits the settings of its parent organization.
4. In the Strength section, check the Enforce strong password box.
5. In the Length section, enter a minimum and maximum length for your users’ passwords. It can be between 8 and 100 characters.
6. To force users to change their password, check the Enforce password policy at next sign-in box.
If you don’t check this option, users with weak passwords can access your organization’s Google services until they decide to change their password.
7. To allow users to reuse an old password, check the Allow password reuse box.
You cannot set the password history that Google reviews to prevent reuse.
8. In the Expiration section, select the period of time after which passwords expire.
9. Click Override to keep the setting the same, even if the parent setting changes.
10. If the organizational unit’s status is already Overridden, choose an option:
- Inherit—Reverts to the same setting as its parent.
- Save—Saves your new setting (even if the parent setting changes).