You can set up different levels of password security using Freshservice for your agents and requesters. By default, any password must contain a minimum of 8 characters and must not contain the username. 


You can also opt for advanced settings and set up custom password policy like the password expiration time or the minimum password length. The more sensitive the data your agents/requesters have access to, the more stringent your password rules must be. Please note that you will not be able to set up password policies if your SSO is enabled.


Quick guide to setting up your password policy:


  • Login to your helpdesk as an administrator.
  • Go to Admin > Security.
  • Under the Password Policy section, you can choose the Default or the Advanced option for agents and requesters. 
  • If you choose the advanced policy, among other options, you will be able to:
    • choose the minimum number of characters required for the password, 
    • decide when the passwords should expire, 
    • control the repetition of passwords, using the corresponding drop-downs.
  • You can also choose to have alphanumeric characters, mixed cases and special characters in the passwords.
  • Once you make the changes, hit Save.





What happens after the changes are made:


  • Any change you make in the password section will take 4-8 hours to be implemented.
  • If the changes are made to the agent password policy, 
    • the agents who are logged in will be prompted to change their passwords for an hour before the change is enforced, after which they will be logged out. They can login again after setting up a new password that complies with the policy changes.
    • the agents who are not logged in will be made to change their passwords the next time they try to log in.



  • If the changes are made to the requester password policy, requesters will be made to change the password the next time they try to log into your helpdesk. If the implementation of the password happens when they are logged in, they will be logged out.



For existing users:


If you are an existing user (account created before 13 May 2016), you will have an additional "None" option under Admin > Security > Password Policy that will be set by default. You can change it to either Default or Advanced.







Note: Once you set up a 'Default' or 'Advanced' policy, you will not be able to go back to the "None" option