Password Setup and Enforcing Two-Factor Authentication (2FA)
We’re excited to announce our new Password Setup and Enforcing Two-Factor Authentication (2FA) features on ZenHR. These new features allow admins to set rules and requirements for employee passwords, and we’ve added a password strength indicator to ensure that all employees have strong passwords to enhance security. Additionally, admins can enforce Two-Factor Authentication (2FA) to add an extra layer of protection by requiring a second form of verification, such as a one-time code sent to a mobile device.
Setting Up Password Policy
User Menu → System Preferences → General → User Management → Password Setup
On the Password Setup page, admins can now force all system users to activate Two-Factor Authentication (2FA). This essential security measure provides an additional layer of protection beyond just a password. By requiring a second form of verification, such as a one-time code sent to your authenticator app (such as Google Authenticator), 2FA significantly reduces the risk of unauthorized access and enhances overall system security.
Here are the steps that your employees need to follow to complete the 2FA Setup successfully:
2FA Activation Steps on Web App | 2FA Activation Steps on Mobile App
You can then proceed to set the desired password policies and requirements, like the following:
Require uppercase letters: This will require the employee to have at least one uppercase letter (e.g., A, B, C).
Require lowercase letters: This will require the employee to have at least one lowercase letter (e.g., a, b, c).
Require special characters: This will require the employee to have at least one special character (e.g., #, !, @).
Require numbers: This will require the employee to have at least one number (e.g., 1, 2, 3).
Minimum password length: The minimum number of characters the password needs to contain.
Password reuse prevention: Admins can set the number of times the employee must change their password before reusing an old one. This helps enhance security by reducing the risk of compromised or weak passwords being recycled.
Maximum password age: The time (in days) a password must be used before the employee can change it. This will expire the current password.
Note: While the minimum is 6 characters, we advise a minimum of 10.
Password Settings
Once the password policy has been created, the employee can see the password requirements and view their password strength.
A green check will appear beside each password requirement that is met, indicating the password's strength. The system will not allow employees to submit a password while any requirement is unmet.
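For admins who want to see how such a policy behaves when enforced on the server side, the following is an added example, not ZenHR's code. It produces the per-requirement checklist described above and checks reuse against salted hashes of earlier passwords. All names, the special-character set, the PBKDF2 parameters and the default values are assumptions made for illustration.

```python
import hashlib
import hmac
import string
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class PasswordPolicy:  # hypothetical field names mirroring the settings listed above
    require_upper: bool = True
    require_lower: bool = True
    require_special: bool = True
    require_number: bool = True
    min_length: int = 10       # the page allows 6 and advises 10
    reuse_prevention: int = 3  # constructed value: previous passwords that cannot be reused
    max_age_days: int = 90     # constructed value

def hash_password(password: str, salt: bytes) -> bytes:
    # History is kept as salted, slow hashes, never as plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def check_password(policy, password, history):
    """Return {requirement: met?}. history is [(salt, hash), ...], oldest first."""
    n = policy.reuse_prevention
    recent = history[-n:] if n > 0 else []
    reused = any(hmac.compare_digest(hash_password(password, salt), old)
                 for salt, old in recent)
    # A disabled requirement always counts as met.
    return {
        "uppercase": not policy.require_upper or any(c.isupper() for c in password),
        "lowercase": not policy.require_lower or any(c.islower() for c in password),
        # Assumption: "special" means ASCII punctuation such as #, ! and @.
        "special": not policy.require_special
                   or any(c in string.punctuation for c in password),
        "number": not policy.require_number or any(c.isdigit() for c in password),
        "min_length": len(password) >= policy.min_length,
        "not_reused": not reused,
    }

def can_submit(results) -> bool:
    # Submission is blocked while any requirement is unmet.
    return all(results.values())

def is_expired(policy, last_changed: date, today: date) -> bool:
    # Maximum password age: the password expires after max_age_days.
    return today - last_changed > timedelta(days=policy.max_age_days)
```

The same check has to run on the server even when the browser shows the checklist, because client-side validation alone can be bypassed.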