Why am I prompted to change my password every few days when it expires in 90 day - Answers - Salesforce Trailblazer Community
Trailblazer Community
Ask Search:
Jay RomanekJay Romanek 

Why am I prompted to change my password every few days when it expires in 90 day

Why am I prompted to change my password every few days when it is set to expire in 90 days?
Sunil KeshariSunil Keshari

User passwords expire in 90 days set for your Org so it's prompt to change password.
Sunil KeshariSunil Keshari

Setting Password Policies

Available in: Contact Manager, Group, Professional, Enterprise, Unlimited, Developer, and Database.com Editions

User PermissionsNeeded
To set password policies: “Manage Users”
For your organization’s security, you can set various passwordand login policies.
User passwordscannot exceed 16,000 bytes.
  1. Click Your Name | Setup | Security Controls | Password Policies.
  2. Customize the password settings.
    Field Description
    User passwords expirein The length of time until all user passwords expire and mustbe changed. Users with the “Password Never Expires”permission are not affected by this setting. The default is 90 days. This setting is not availablefor Self-Service portals.
    Enforce password history Save users’ previous passwords so that they must alwaysreset their password to a new, unique password. Password history isnot saved until you set this value. The default is 3 passwordsremembered. You cannot select No passwords remembered unless you select Never expires for the User passwords expirein field. This setting is not availablefor Self-Service portals.
    Minimum password length The minimum number of characters required for a password. Whenyou set this value, existing users aren't affected until the nexttime they change their passwords. The default is 8 characters.
    Password complexity requirement The restriction on which types of characters must be used ina user’s password.
    Complexity levels:
    • No restriction—allows any passwordvalue and is the least secure option.
    • Must mix alpha and numeric—requiresat least one alphabetic character and one number. This is the default.
    • Must mix alpha, numeric, and special characters—requires at least one alphabetic character, one number, andone of the following characters ! # $ % - _ = + < >.
    Password question requirement The values are Cannot contain password, meaning that the answer to the password hint question cannot containthe password itself; or None, the default, forno restrictions on the answer. The user’s answer to the passwordhint question is required. This setting is not available for Self-Service portals, Customer Portals, or partner portals.
    Maximum invalid login attempts The number of login failures allowed for a user before theybecome locked out. This setting is not availablefor Self-Service portals.
    Lockout effective period The duration of the login lockout. The default is 15 minutes. This setting is not availablefor Self-Service portals.
    If users are locked out, they must wait until the lockoutperiod expires. Alternatively, a user with the “Reset User Passwords and UnlockUsers” permission can unlockthem by clicking YourName | Setup | Manage Users | Users, selecting the user, then clicking Unlock. This button is only available when a user is locked out.
  3. Customize the forgotten password and locked account assistanceinformation.
    This setting is not available for Self-Service portals, Customer Portals, or partner portals.
    Field Description
    Message When set, this custom message appears in the Account Lockoutemail and at the bottom of the Confirm Identity screen for users resettingtheir passwords. You can customize it with the name of your internalhelp desk or a system administrator. For the lockout email, the messageonly appears for accounts that need an administrator to reset them.Lockouts due to time restrictions get a different system email message.
    Help link If set, this link displays with the text defined in the Message field. In the Account Lockout email, the URL displaysjust as it is typed into the Help link field,so the user can see where the link takes them. Thisis a security feature because the user is not within a Salesforce organization.

    On the Confirm Identity password screen, the Help link URL combines with the text in the Message fieldto make a clickable link. Security isn't an issue sincethe user is in a Salesforce organization when changing passwords.

    Valid protocols:
    • http
    • https
    • mailto:
  4. Specify an alternative home page for users with the “API Only User” permission. After completing user management taskssuch as resetting a password, API-only users areredirected to the URL specified here, rather than to the login page.
  5. Click Save.
Sabarivasan KuppusamySabarivasan Kuppusamy

May be your Organisation Policy will be set as 90 days.

You can change it upto as many days you want or Never expire option also available.

But it is advisable to change the password frequent interval.

Pls refer the below screenshot for further assistance.

User-added image

Erin KassabErin Kassab
Hi Jay, 

I'm sure you've gotten the answer to this by now, but I wanted to post the solution in case others read this feed. See this other feed for the answer -  https://success.salesforce.com/answers?id=90630000000gvPFAAY

ake sure to also clear your cache and cookies!