This article is for administrators who manage authentication and security settings in WorkEasy to add a password policy. It explains what each field means, and how to use a custom regular expression and error messages for validation.
Go to Global Settings. Under General Settings, select Password Policies.
Click Add.
Name: a unique name for the policy.
Effective date: date and time when the policy becomes active.
Password history depth: number of previous passwords the system remembers to prevent reuse.
Reset in days: required rotation interval.
Min length and Max length: allowed character range for passwords.
Min numbers required: minimum count of numeric digits.
Min capitals required: minimum count of uppercase letters.
Min symbols required: minimum count of symbols.
Eligible symbols: set of allowed special characters.
Custom regular expression: optional regex to enforce advanced rules.
Error message: text shown to users when a password fails validation.
Example based on the screen
.png?sv=2022-11-02&spr=https&st=2025-10-25T05%3A17%3A24Z&se=2025-10-25T05%3A28%3A24Z&sr=c&sp=r&sig=NEPKq0PGlj7LAfoyQwictkY3zrsHfqF8J2Smp6Ek3cM%3D)
The following values mirror the example shown in the image and are suitable for a strong, user friendly baseline:
Password history depth:
5Reset in days:
90Min length:
8Max length:
25Min numbers required:
1Min capitals required:
1Min symbols required:
1Eligible symbols:
~!@#$%^&*()_-+=[]|{}<>?,.;:
What custom regular expression is
Regex (regular expression) is a pattern-matching language used to validate or search text. In password policies, regex enforces rules like minimum length, required characters, or forbidden patterns.If you use a custom regular expression, make sure the Error message explains the rule in plain language.
Best practices for using regex in password policies
Keep it simple: Avoid overly complex rules that frustrate users.
Explain clearly: Always pair regex with a plain-language error message.
Focus on essentials: Enforce length, variety of character types, and prevention of weak patterns.
Don’t overrestrict: Allow a wide range of symbols and avoid forcing arbitrary sequences.
Test before rollout: Validate that your regex accepts strong passwords and blocks weak ones.
Custom regular expression example
This regex requires at least 12 characters including an uppercase letter, a lowercase letter, a number, and a special character.
^(?=.*[A-Z])(?=.*[a-z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{12,}$Error message examples
Password must be at least 12 characters long and include at least one uppercase letter, one lowercase letter, one number, and one special character.
Use 8+ characters with an uppercase letter, lowercase letter, number, and special character.
Save and apply
Review all fields and confirm the effective date and time.
Click Save.