--- title: "What are the password requirements?" date: "2025-01-09T13:58:08+00:00" summary: "Discover Acquia DAM's password requirements for secure access. Learn about character minimums, complexity rules, expiration policies, and account lockout procedures to ensure your digital asset management security." image: type: "page" url: "/acquia-dam/what-are-password-requirements" id: "bf098386-ba7a-442d-bd7e-bb0187cbd1c2" --- The minimum requirements for an account within Acquia DAM are a first name, a last name, and a valid email address. The Secure Sockets Layer protocol used in the site requires each user to have their own account, accessible with a unique username and password. **Why did password requirements become stricter?** The previous DAM minimum password strength settings were below Acquia’s and security's best practice standards. To enforce more up-to-date password security and increase overall DAM security for all customers, these requirements were updated. **Default password requirements** New sites and users whose password reset timer expires must now follow these updated default password rules: Requirement Details Minimum Length **12 characters minimum** Minimum Special Characters **1 special character minimum** Minimum Lowercase **1 lowercase character minimum** Minimum Uppercase **1 uppercase character minimum** Minimum Numeric **1 numeric value minimum** Expiration Duration **90 days maximum** Password Reuse Users cannot reuse the **past 24 previously used passwords** **Password expiration and administration** All customers have a default **90-day password expiration**. While the new default is 90 days, administrators can still adjust the reset timeline on an individual user level. However, this custom timeline must still be within the **90-day maximum** rule. To change password requirements and increase password complexity for all DAM users globally, contact **Acquia DAM support**. **Login and security features** If a user enters an incorrect password five times, they are locked out of their account for **15 minutes**. Administrators cannot override this timeframe. To increase security, **CAPTCHA** is on all pages where passwords are created or changed. You must type the characters in the field exactly as they are shown in the **CAPTCHA**.