LiveAgent allows you to define various password criteria and requirements for both agent and customer passwords.
Changing the criteria will only apply when a new agent or customer is creating his first password or when an existing agent tries to change his password. Existing passwords are not affected when changing these settings.
The settings for password criteria can be found in the Agent panel > Configuration > Security > Settings. Just scroll down at the bottom of the page. There you are presented with a number of password-specific options:
- etermines the minimum number of characters that can make up a password for agent/admin account
- Max password length - Determines the maximum number of characters that can make up a password for agent/admin account
- Password is valid only in case it contains at least one letter, so a character from [a-z] or [A-Z]
- Require digits in password - Password is valid only in case it contains at least one digit [0-9]
- Password quality - Password quality scores are based on strength estimation using pattern matching and minimum entropy calculations.
- Block leaked passwords - Verify if the password has been compromised in a data breach. The verification is done using a 3rd party service: https://haveibeenpwned.com/Passwords
- Password Expiration - Make agent and admin passwords expire after a certain number of days, or set passwords to never expire. Once the current password expires, agent will be given 'incorrect password' warning and needs to reset it using 'reset password' option next to the password text field on the agent login screen.
Do not forget to press SAVE at the bottom of the page to save your changes!
In the section Configuration > Agents you can also see if agents have set up 2-factor authentication and when was the password updated in the column "password updated". Currently, it is not possible to manually expire a password for an agent or enforce all agents to set up 2-factor authentication.