Password policy update - what happens to existing passwords?

Hi everyone,

We would like to update the password policy to be more restrictive, but in documentation I cannot seem to find information on what happens to existing passwords that do not meet the new policy? Would the users be required to update their password at the first log in after the update? Would all passwords be retired? Would the policy only be applicable to new users?

Any insight would be much appreciated!


Hi Dorota,

Existing passwords will not be affected when a password policy is added or modified, except perhaps if the ‘Automatic Expiry’ option is used.

The password policy is enforced at the time that a user’s password is changed (e.g. administrator change, user’s own change, forgotten password link, etc.).

If you want the policy to apply immediately, you can expire users’ passwords using the ‘Expire Password’ option in the ‘More’ menu on the users administration screen. This will enforce a new password to be set the next time the user signs into Phocas.


1 Like

Hi Liam,

Many thanks for your help with this. Much appreciated.


1 Like