Learn from the best and brightest in legal, technology, and beyond! 
Objective:
- To determine what Clio requires when creating a password
Environment:
- Clio Web App
Additional Information:
n/a
Answer:
In Clio, passwords follow these specifications:
- Password must be a minimum of 6 characters and can be as long as 72 characters.
- Passwords that are longer than 72 characters are still accepted by Clio, but only the first 72 characters will be considered when the password is validated. This allows the use of passphrases.
- Users' passwords will expire per the password expiry period specified in the "Password Security" settings. Password Security settings can only be accessed by account administrators.
- Password Expiry intervals can be: never, 30 days, 60 days, 90 days, 180 days, and 365 days
- Every time a user rests their password for any reason, their expiry period resets. So, if the account Admin has set the password expiry period to 180 days and a user resets their password at day 90 of that period, then they will have another 180 days before being prompted to reset their password again.
- Users will receive an in-app banner warning when their passwords are to expire in 14 days. No email reminders will be sent. Dismissing this notice will dismiss it for good. There will be no further warnings.
- When a user's password has expired or is reset for any reason, they will not be able to reuse the password that they had just used. This restriction is limited once, meaning that the original password can be reused on a subsequent reset.
- When a user's password has expired, they will get a message that their password has expired ONLY if they try to enter in the correct password. If an incorrect password is entered, then the user will see a message that they are trying to use the wrong password.
- Account Owners can force an individual user or all account users to change their passwords through the "Manage Users" page of the Settings panel.
- The strong password requirement DOES apply to Clio Connect users.