Configuring Password Policy

Password Policy is implemented in Tally.ERP 9 from Release 3.6. Based on this, there are two types of users:

For both users, Password Policy will be applicable, only if they activate it.

To do so,

Go to Gateway of Tally > Company Info > Security Control > Password Policy

The Password Policy for Company screen will appear as shown:

Set Yes to the option – Activate password policy.

Note: Administrator can also disable the same after some interval. Policy will retain the same values once it is re-enabled.

To configure the various features of Password Policy, click on the links below:

Password Strength

Password Expiry

Password History

Policy Overriding

Changing password on first login

Allow Users to Change Password

Other Features

Password Strength

To configure Password Policy for a Security Control enabled Company:

Go to Gateway of Tally > Company Info > Security Control > Password Policy

The Password Policy for Company screen will appear as shown:

In Minimum password length field, the Administrator can specify the minimum number of characters that a password should contain. By default, 8 will be the Minimum Password Length (This value is derived from the PCI-DSS standards).

Administrator can still change this value as per the requirement.

By setting Specify ADVANCED Password Strength to Yes, the Administrator can configure User’s Password Strength by instructing them to use Alphabets, Numerals, and Special Characters in the passwords.

The Administrator can specify the Minimum number of the Alphabets, Numerical, and Special Characters that the password should comprise.

This will help user to form a strong password.

Note: If the Password Length is 0 the option, Specify ADVANCED Password Strength will be skipped.

Password Expiry

In the Password Expiry section of the Password Policy:

Password expiry period can be mentioned in the Password expires after field, in days. By default, the value will be 90 days, which is derived from the PCI-DSS.

Administrator can configure the Notification period for the Password expiry. By default the period will be 1 day.

Note: Administrator cannot set Notity before value as 0 days.

Password History

Password History maintained in Tally.ERP 9 is used to restrict the usage of previous passwords. Administrator can configure the No. of old Passwords to be restricted after enabling the option - Restrict the use of old Passwords

Note: Administrator cannot set the value as 0 in No. of old passwords to be restricted.

Policy Overriding

Administrator can override Password Policy for particular users as per the requirement.

To override Password Policy for a user:

Go to Gateway of Tally > Company Info > Security Control > User and Passwords

In the F12: Configuration, enable Show Apply Password Policy as shown:

Apply Password policy column will be appear in the List of Users for Company screen.

By default it will be enabled for all users.

Administrator can disable this option for some users as per his requirements.

Change password on first login

If the password policy followed in the organisation requires users to change their passwords upon first login, enable the option Change password on first login:

So when a user, say User A, logs into the company for the first time, the Change Password screen appears as shown, with the message Password policy requires you to change password on first login:

Allow user to change Password

As a part of Password policy, Administrator can also allow his users to change their own passwords.

He can enable this option in the Password Policy screen as shown:

If this option is enabled, user can change their password in:

Gateway of Tally > Company Info.

Upon clicking Change Password, the Change Password screen is displayed:

Other Features

User Status

Apart from configuring Password Policy, Administrator can also make a user Active or Inactive. Only active users are allowed to log in to the company while Inactive users are not allowed to load the company.

To set the status for a user:

Go to Gateway of Tally > Company Info > Security Control > User and passwords > F12: Configure

And enable Show User Status.

User Status column will appear in the List of Users for Company screen.

By default, all users will be Active.

Administrator can make a user Inactive, after which the user will be restricted to log in to the company.