# Pasword policy & session timeout

## 🔐 1. Password Policy

### **✅ Purpose**

Allows administrators to define and enforce password rules to enhance security and meet organizational needs.

### **🧩 Configurable Options**

<table><thead><tr><th width="225.07421875">Parameter</th><th>Description</th></tr></thead><tbody><tr><td><strong>Minimum length</strong></td><td>Minimum number of characters (e.g. 8, 12, 16)</td></tr><tr><td><strong>Complexity requirements</strong></td><td>Require uppercase, lowercase, numbers, and special characters</td></tr><tr><td><strong>Password expiry</strong></td><td>Passwords expire after X days (e.g. 90 days)</td></tr><tr><td><strong>Password history</strong></td><td>Prevent reuse of the last X passwords</td></tr><tr><td><strong>Invalid login attempts</strong></td><td>Lock account after Y failed login attempts</td></tr><tr><td><strong>Lockout duration</strong></td><td>Lock the account for a specific time (e.g. 30 minutes)</td></tr></tbody></table>

**🔧 How to Configure**

1. Log in to the admin portal.
2. Navigate to <https://iam.console.vngcloud.vn/account-settings>
3. Adjust the parameters as needed.
4. Click **Save** to apply changes.

***

## ⏱️ 2. Session Timeout Policy

### **✅ Purpose**

Automatically logs users out after a period of inactivity to prevent unauthorized access.

### **🧩 Configurable Options**

* 15 minutes
* 30 minutes
* 1 hour