Enforcing password policies

Improve account security by implementing team-level password policies. As a Team Owner or Team Lead, you are able to set certain password policies that will apply to team members automatically.

Account passwords already enforce a high password entropy by requiring a minimum of 10 characters, with one uppercase, one lowercase letter and a number.

Password policies are enforced on any Pigeonhole Live account that is part of the team that requires it. If a user is part of multiple teams, as long as one team requires it, the user's account will assume the password policy. Once the user leaves the team, the password policy is no longer applied.

Configuring Team Password Policies

Navigate to
Workspace › (select your Team) › Workspace Settings › Security

These policies are disabled by default.


Require Team members to change passwords every 90 days

When activated, team members will be forced to change their Pigeonhole Live account passwords every 90 days.

New password must be different from last 5 passwords

When activated, team members will not be able to reuse any of their last 5 used passwords. We enforce this by checking against the hash of passwords used in the past. We don't actually have knowledge of account passwords.