This article explains the password requirements you'll need to meet when choosing your Personio password.
To activate your account, you will receive an email from Personio. Follow the link in this email, then sign in with your email address, and set your individual password.
General Password Requirements
To ensure your Personio password meets certain security standards, it needs to fulfil the following requirements:
- It must contain a minimum of 8 and a maximum of 128 characters.
- It must contain at least one number.
- It must contain at least one special character.
- It must contain at least one letter.
- It must not contain your own name.
- It must be different from the previous 12 passwords used.
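For administrators who want to apply the same rules in their own tooling, the following is an added example, not Personio's code, that checks a candidate password against the six requirements above. The definition of "special character" (ASCII punctuation), the case-insensitive name match, and the salted scrypt history store are assumptions, since this article does not specify them.

```python
import hashlib
import hmac
import os
import string

HISTORY_DEPTH = 12  # rule from the list above: differ from the previous 12 passwords
SPECIALS = set(string.punctuation)  # assumption: "special character" = ASCII punctuation


def hash_password(password, salt):
    """Salted scrypt digest, so the history never holds plaintext (assumed storage scheme)."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1)


def check_password(password, name_parts, history):
    """Return the violated rules; an empty list means the password is accepted.

    history is a list of (salt, digest) tuples, newest last.
    """
    errors = []
    if not 8 <= len(password) <= 128:
        errors.append("length")
    if not any(c.isdigit() for c in password):
        errors.append("number")
    if not any(c in SPECIALS for c in password):
        errors.append("special")
    if not any(c.isalpha() for c in password):
        errors.append("letter")
    lowered = password.casefold()
    # Assumption: "own name" means any first or last name part, matched case-insensitively.
    if any(p and p.casefold() in lowered for p in name_parts):
        errors.append("name")
    # Re-hash the candidate with each stored salt and compare in constant time.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt), digest):
            errors.append("reused")
            break
    return errors


def remember(password, history):
    """Append the new password's hash and keep only the last HISTORY_DEPTH entries."""
    salt = os.urandom(16)
    history.append((salt, hash_password(password, salt)))
    del history[:-HISTORY_DEPTH]
```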
⚠️ Please also note:
- Passwords and login information should always be stored in an encrypted format, ideally using a password manager.
- Passwords should never be entered via copy and paste.
- If you fail to log in three times in a row, your Personio account will be locked. To recover your account access, you will receive a one-time Security Token via email.
- When changing your password, you cannot use a password that you have used before.
- Passwords can be changed a maximum of three times a day.
To make your employee login even more secure, you can activate 2-factor authentication. To do so, go to Settings > People > Employee Roles > Security, select the employee role for which you want to activate 2-factor authentication, tick the checkbox, and click Submit. Once this is activated, users with that employee role will need their email address, their password, and a six-digit code generated on a smartphone to log into their Personio account.
Additional Password Configurations
Since the information stored in Personio contains sensitive personal data, we recommend limiting the password validity of all employees to 90 days.
To do so, go to Settings > Integrations > Authentication > Password Configuration > Edit. Tick the checkbox so that your employees have to change their Personio password every 90 days. Employees will be notified 10 days before their password change deadline.
If you select this setting for the first time, all employees who set their current password more than 90 days ago will have to change their password immediately. These employees will be prompted to do so upon their next login.