Password requirements

Note: This topic is applicable to UKG-controlled passwords. If your agency has implemented SSO or outside authentication services, your password requirements may differ.

By default, the application enforces the following password requirements for UKG-controlled passwords.

  1. Minimum length is 15 characters. Note: Depending on the user's role, the minimum length may vary. If the role is associated with the Low security access level, the minimum length is 15 characters. If the role is associated with the Medium or High access levels, the minimum length is 20 characters. For details, refer to About password validation rules and About access levels.

  2. Maximum length is 64 characters.

  3. May not have more than 3 consecutive repeating characters.

  4. Must contain a mix of characters from the following categories: alphabetic, numeric and uppercase. For details, refer to About password validation rules.

  5. Are not names or words.

  6. The maximum number of failed log in attempts is 5. If the user log in fails after 5 attempts, the user is locked out of the system for 30 minutes.

  7. The maximum password age is 90 days and the minimum password age is 1 day.

  8. The same password cannot be used for a password history of at least 24 passwords.

Passwords are case-sensitive.

Related Topics

About access levels

About authentication validation rules

About password validation rules

Changing or resetting your password

Registering your MFA credential

Registering your required MFA credential