This article explains the password requirements you will need to meet when choosing your Personio password.

To activate your account, you will receive an email from Personio. Follow the link in this email, then sign in with your email address, and set your individual password.

General Password Requirements - for employees 

To ensure your Personio password meets certain security standards, it needs to fulfil the following requirements: 

• It must contain a minimum of 8 and a maximum of 128 characters.
• It must contain at least one number.
• It must contain at least one special character.
• It must at least contain one letter.
• It must not contain your own name.
• It must be different from the previous 12 passwords used.

⚠️ Please also note:

• Passwords and login information should always be stored in an encrypted format, ideally using a password manager.
• Passwords should never be entered via copy and paste.
• If you fail to log in three times in a row, your Personio account will be locked. To recover your account access, you will receive a one-time Security Token via email.
• Passwords can be changed a maximum of three times a day.

Additional Password Configurations - for administrators

Since the information stored in Personio contains sensitive personal data, we recommend limiting the password validity of all employees to 90 days.

To do so, go to Settings > Integrations > Authentication > Password Configuration > Edit. Tick the checkbox so that your employees have to change their Personio password every 90 days. Employees will be notified 10 days before their password change deadline.

If you select this setting for the first time, all employees who set their current password more than 90 days ago will have to change their password immediately. These employees will be prompted to do so upon their next login.

To make your employee login even more secure, you can activate 2-factor authentication. Read more about the different authentication methods.