
How to configure a password rule for safer passwords

Product:

Microsiga Protheus

Versions:

11 and 12

Step by step:

Protheus lets you set rules that prevent users from choosing overly simple passwords and that require them to change their password periodically, which increases security. The settings below strengthen password security:

- Access Configurator > User > Password > Policy

On the Security Policy/Password Rules tab, you have the following security settings:

- Case sensitive user: defines whether the system will be case-sensitive in the user name.

- Periodic password change every n days: defines how often the user password should be changed. You can also configure "Notify expiration n days before" to warn the user in advance that the password must be changed, or "Force password change in", where you can set a fixed date for the password change.

The Periodic Password Change option is also available in the user/group directory. The rule is: if this option is configured in the user/group register, it will be respected. If it is not configured in the user/group (equal to 0), what is set in the Policy will be respected.

- Force password change: see details about this option at http://tdn.totvs.com/pages/viewpage.action?pageId=224125136
- Minimum password size: sets the minimum number of digits defined by the security policy. The value entered in the Policy overrides the others, and users whose passwords do not meet the value defined by the policy will have to change the password at the next access.
- Inhibit use of last n passwords: does not allow the user to repeat recent passwords.

- Inhibit numerical sequence: defines whether the security policy should restrict the use of numerical sequences, such as 111, 222, 333, 123, 456, 789, etc.

- Inhibit part of the name or user: so that the user does not use a simple password with part of the username.
- Inhibit repetition of part of the password: defines whether the security policy will restrict the use of part of the last registered password. Because passwords are stored as hashes, this rule is validated when the user is authenticated during the password change.
- Require use of letters and numbers: defines whether the security policy will require the use of letters and numbers in the password.

- Mask of required digits: defines the number of times a character should be used in the password (no matter the order). Example: AA99XXa. The characters that can be used are:

A: indicates the use of an uppercase letter;
a: indicates the use of a lowercase letter;
9: indicates the use of numbers;
X: indicates the use of special characters.


Note: The '#' character used in the first position of the mask indicates that the mask represents the minimum number of characters. If it is not entered, the mask represents the maximum number of characters.
Examples:
Mask # Aaa99X: would accept the password TOTvs@1701, but would not accept the password TOTvs@1, for having only one number.
Mask Aaa99X: would accept the password @17Tvs, but would not accept the password @17Tvsz, for having two lowercase characters.
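
To try a mask against sample passwords before enabling it in the Policy, the mask rule can be modelled as per-class character counts. The following is an added example, not Protheus code: the function names are hypothetical, and it assumes that spaces in the mask are ignored, that any non-alphanumeric character counts as special, and that without '#' a class missing from the mask has a maximum of zero.

```python
from collections import Counter

# Mask symbols as listed on the page.
SYMBOLS = ("A", "a", "9", "X")


def classify(ch):
    """Map one password character to its mask symbol."""
    if ch.isupper():
        return "A"
    if ch.islower():
        return "a"
    if ch.isdigit():
        return "9"
    return "X"  # assumption: anything else counts as a special character


def parse_mask(mask):
    """Return (is_minimum, per-class counts) for a mask such as '# Aaa99X'."""
    mask = mask.replace(" ", "")  # assumption: spaces in the mask are ignored
    is_minimum = mask.startswith("#")
    body = mask[1:] if is_minimum else mask
    if not body or set(body) - set(SYMBOLS):
        raise ValueError(f"unsupported mask: {mask!r}")
    return is_minimum, Counter(body)


def check_password(mask, password):
    """Return (accepted, violations); each violation is (symbol, limit, found)."""
    is_minimum, limits = parse_mask(mask)
    found = Counter(classify(ch) for ch in password)
    violations = []
    for sym in SYMBOLS:
        limit, got = limits[sym], found[sym]
        # With '#': counts are minimums. Without: maximums (assumed to apply
        # to classes absent from the mask as well, i.e. a maximum of zero).
        if (is_minimum and got < limit) or (not is_minimum and got > limit):
            violations.append((sym, limit, got))
    return not violations, violations


if __name__ == "__main__":
    # The four mask/password pairs from the page's examples.
    for mask, pw in [("# Aaa99X", "TOTvs@1701"), ("# Aaa99X", "TOTvs@1"),
                     ("Aaa99X", "@17Tvs"), ("Aaa99X", "@17Tvsz")]:
        print(mask, pw, check_password(mask, pw))
```

Each violation tuple names the character class, the count the mask sets for it, and the count found in the password, which shows which part of a mask a rejected password failed.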



We recommend accessing the Policy routine soon after installing Protheus and setting the password rules, because by default the settings are disabled (=No) or set to minimum values.

Notes: