Managing Your Company's Security Settings

As a Certify Administrator, you are able to configure your company's security settings. You can set a minimum password rating, enter users who should receive failed login notifications, and set up multi-factor authentication.

This article shows you, a Certify Administrator, how to manage your company’s security settings.

1. On your Certify homepage, click the gear icon.


2. Click Security Settings.


3. Choose your company’s Minimum Password Rating. The Minimum Password Rating defines the level of complexity each password must achieve to be a valid password. The 4 levels are:

  • Better: 3 password conditions met.
  • Strong: 4 password conditions met.
  • Stronger: 5 password conditions met.
  • Strongest: 6 password conditions met.

The password strength conditions are:

  • at least 6 characters (required)
  • at least 8 characters
  • one lowercase letter
  • one uppercase letter
  • one numeric character
  • one special character:  !@#$%^&*()_+=,.<>?;:/


For example, the password “Certifyrocks!” would be considered a “Stronger” password because it meets 5 of the 6 strength conditions (at least 6 characters, at least 8 characters, an uppercase and lowercase letter, and a numeric character).

Please Note: The Minimum Password Rating will only apply to passwords created or updated after the rule has been saved.

4. If desired, enter an email address or addresses to be notified when a user records a failed login attempt.


The users listed will be sent a daily notification of failed login attempts. The system will send one notification per day, even if there are no failed login attempts. 

5. Select the checkbox if you’d like to require Multi-Factor Authentication (MFA) for all users. If you un-select the checkbox, each individual user will have the option to opt out of MFA. The end user will see the option on their My Account page.


MFA is replacing the use of security questions in Certify. MFA will be triggered when a user attempts to login to Certify from an unrecognized device, IP address, or web browser. When MFA is triggered, Certify will ask the user if they want a one time security code emailed or texted to their phone. The user will then need to enter the code in Certify to prove their identity. View our Help Center article on Multi-Factor Authentication for further information.

Was this article helpful?