Managing Account Password Security and Expiration

Avatar
Smart Push
Follow

To protect merchant data from unauthorized access and potential security breaches, SmartPush implements strict password complexity standards and an automated password expiration logic. 

This article explains the requirements for setting passwords and how to manage your account’s security settings.

 

In This Article

 

Password Complexity Requirements

When registering a new account or updating an existing password, the system performs real-time validation. Your password must meet all the following criteria:

  • Length: Between 8 and 20 characters.
  • Complexity: Must include at least one uppercase letter, one lowercase letter, one number, and one English special character (e.g., !"#$%&'()*+,-./:;<=>?@[\]^_{|}~ ).
  • History: The new password cannot be identical to any of your last three passwords.

If the input does not meet these requirements, the system will display a validation error and prevent the update until all conditions are satisfied.
 

Password Expiration Logic

SmartPush uses a timed expiration system to ensure credentials are cycled regularly. The expiration period varies depending on the account status:

Account Type Default Validity Period Calculation Basis
Existing Accounts 30 Days Calculated from the feature launch date.
New/Reset Accounts 90 Days Calculated from the time the password was set or reset.

Managing Expiration Settings

Main accounts and sub-accounts can manage their password expiration status within the admin panel.

How to adjust settings:

  1. Navigate to Account Management.
  2. Click Change Password to access the password validity settings page.
  3. Toggle the Password Expiration switch.
    • To turn off this feature, you must complete a two-step verification process involving your current password and a verification code sent to your registered email.
    • Turning the switch back on does not require additional verification.

Expiration Notifications and Login Impact

To prevent service interruption, SmartPush provides automated alerts via email and in-app notifications.

Notification Schedule

  • Email Alerts: Sent when the password has 15, 7, and 1 day(s) remaining.
  • In-App Alerts: A global notification banner appears at the top of the admin panel when the password is within 30 days of expiration. This banner can be dismissed for the day but will reappear until the password is updated.

Expired Status

When a password reaches 0 days of validity:

  • You will be automatically logged out of the system.
  • Direct login using the expired password will be disabled.

To regain access, you must use the Forgot Password link on the login page to verify your identity via email and set a new compliant password.

 

Have more questions? Submit a request

Comments