Password Policy is implemented in Tally.ERP 9 from Release 3.6. Based on this, there are two types of users: existing Tally users (i.e., Tally users before Release 3.6) and new Tally users (fresh users from Release 3.6). For both types of users, Password Policy applies only if it is activated.
To activate password policy:
1. Go to Gateway of Tally > Company Info > Security Control > Password Policy.
The Password Policy for Company screen appears.
2. Set Yes to the option – Activate password policy.
Note: The Administrator can also disable the policy after some interval. The policy will retain the same values once it is re-enabled.
The following features of Password Policy can also be configured and are described further below:
● Changing password on first login
● Allow Users to Change Password
To configure Password Policy for a Security Control enabled Company:
1. Go to Gateway of Tally > Company Info > Security Control > Password Policy.
The Password Policy for Company screen appears.
2. In the Minimum password length field, the Administrator can specify the minimum number of characters that a password should contain. By default, the Minimum Password Length is 8 (this value is derived from the PCI-DSS standards). The Administrator can change this value as required.
3. By setting Specify ADVANCED Password Strength to Yes, the Administrator can configure the users' password strength by requiring them to use Alphabets, Numerals, and Special Characters in their passwords.
4. The Administrator can specify the minimum number of Alphabets, Numerals, and Special Characters that the password should comprise. This helps users form a strong password.
Note: If the Password Length is 0, the option Specify ADVANCED Password Strength will be skipped.
In the Password Expiry section of the Password Policy:
The password expiry period, in days, can be entered in the Password expires after field. By default, the value is 90 days, which is derived from the PCI-DSS.
The Administrator can configure the notification period for the password expiry. By default, the period is 1 day.
Note: The Administrator cannot set the Notify before value to 0 days.
The Password History maintained in Tally.ERP 9 is used to restrict the usage of previous passwords. The Administrator can configure the No. of old Passwords to be restricted after enabling the option Restrict the use of old Passwords.
Note: Administrator cannot set the value as 0 in No. of old passwords to be restricted.
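The rules described above (minimum length, advanced strength counts, expiry with notification, old-password restriction) can be modelled as follows. This is an added example, not Tally.ERP 9 code; the class and function names, the boundary-day semantics, and the salted PBKDF2 history storage are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class Policy:
    min_length: int = 8                   # default stated on the page
    advanced: bool = False                # Specify ADVANCED Password Strength
    min_alpha: int = 0
    min_digit: int = 0
    min_special: int = 0
    expires_days: int = 90                # default stated on the page
    notify_days: int = 1                  # default stated on the page; 0 is rejected
    old_restricted: Optional[int] = None  # None = option off; 0 is rejected

    def __post_init__(self):
        if self.notify_days == 0 or self.old_restricted == 0:
            raise ValueError("Notify before / No. of old passwords cannot be 0")

def digest(password: str, salt: bytes) -> bytes:
    # Assumption: history is kept as salted PBKDF2 digests, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def violations(p: Policy, password: str, history=()) -> list:
    """Return the failed rules; history is a list of (salt, digest), newest last."""
    out = []
    if len(password) < p.min_length:
        out.append("length")
    # Advanced checks are skipped when the minimum length is 0, as the page notes.
    # Assumption: "special" means any character that is neither letter nor digit.
    if p.advanced and p.min_length > 0:
        tests = {"alphabets": (str.isalpha, p.min_alpha), "numerals": (str.isdigit, p.min_digit),
                 "special": (lambda c: not c.isalnum(), p.min_special)}
        out += [k for k, (f, n) in tests.items() if sum(map(f, password)) < n]
    if p.old_restricted:
        recent = list(history)[-p.old_restricted:]
        if any(hmac.compare_digest(digest(password, s), d) for s, d in recent):
            out.append("reused")
    return out

def expiry_status(p: Policy, last_changed: date, today: date) -> str:
    # Assumption: the password counts as expired on day `expires_days` itself.
    expires = last_changed + timedelta(days=p.expires_days)
    if today >= expires:
        return "expired"
    return "notify" if today >= expires - timedelta(days=p.notify_days) else "ok"
```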
The Administrator can override Password Policy for particular users as required.
To override Password Policy for a user:
1. Go to Gateway of Tally > Company Info > Security Control > User and Passwords
2. In F12: Configuration, enable Show Apply Password Policy.
3. The Apply Password policy column will appear in the List of Users for Company screen.
By default, it will be enabled for all users.
The Administrator can disable this option for some users as required.
If the password policy followed in the organisation requires users to change their passwords upon first login, enable the option Change password on first login.
When a user, say User A, logs into the company for the first time, the Change Password screen appears with the message Password policy requires you to change password on first login:
● Current/Existing Password: Enter the existing password in this field
● New Password: Enter the password you wish to use in this field
● Repeat New Password: Enter the password that was entered in New Password field
● The strength of the new password will be indicated below the Repeat New Password field.
As a part of Password Policy, the Administrator can also allow users to change their own passwords.
You can enable this option in the Password Policy screen.
If this option is enabled, users can change their password in Gateway of Tally > Company Info.
Upon clicking Change Password, the Change Password screen is displayed:
● Current/Existing Password: Enter the existing password in this field
● New Password: Enter the password you wish to use in this field
● Repeat New Password: Enter the password that was entered in New Password field
● The strength of the new password will be indicated below the Repeat New Password field.
Apart from configuring Password Policy, the Administrator can also make a user Active or Inactive. Only Active users are allowed to log in to the company, while Inactive users are not allowed to load the company.
To set the status for a user:
1. Go to Gateway of Tally > Company Info > Security Control > User and passwords > F12: Configure
2. Enable Show User Status.
3. The User Status column will appear in the List of Users for Company screen. By default, all users will be Active.
The Administrator can make a user Inactive, after which the user will not be able to log in to the company.