The Legistar Password Policy is a setting that Granicus can enable for your Legistar database, which increases security by implementing complexity requirements and expiration for user passwords, and increases usability by enabling users to reset their own passwords from the Legistar login screen.
Prior to the Legistar Password Policy being implemented, Legistar passwords for all databases were only required to have 4-12 characters of any type, and did not expire. These parameters are still in effect for any databases that do not have the Legistar Password Policy enabled.
Requirements for passwords
When the Legistar Password Policy is enabled, user passwords are required to meet the following criteria:
- At least 12 characters long
- At least 1 lowercase letter
- At least 1 uppercase letter
- At least 1 number
- At least 1 special character. Permitted special characters are as follows: !#$%&'()*+,-./:;<=>?@[]^_`{|}~
How to reset your password
Once Password Policy is enabled, if your existing password does not meet the requirements listed above, or if you have used that password for longer than the password expiration period set by your administrator, then Legistar will prompt you to reset your password the next time you log in. Follow the steps below to reset your password.
- Launch Legistar.
- On the Legistar login screen, enter your username in the Username field.
- Click Reset Password.
- A new Reset Password window populates. Enter your new password in the New Password field. As you type your new password in, each of the requirements listed at the bottom of the window turns from red to green when that requirement is fulfilled. If your password meets all requirements, then all listed requirements show in green text.
- Retype your new password in the Confirm Password field.
- When you clicked Reset Password in step 3, an email with a reset code was sent to your email address. Find that email and enter the reset code in the Reset Code field.
- Click OK.
You are required to reset your password whenever it expires (as determined by the password expiration period set by your administrator), but you can reset your password at any time before it expires using the method above. If you are logged in to Legistar, you can also change your password via Local Settings; see
Changing Your Password for more details.
Password expiration reminders
A certain number of days before your password expires (set by your administrator), you will begin to receive reminders to reset your password, both via email and in the Legistar UI as shown below. Legistar sends one reminder email per day during the reset reminder period until your password has been reset.
What if I'm not receiving the reset emails?
If you don't receive an email with a reset code after clicking
Reset Password, contact one of your Legistar administrators and ask them to confirm that your email address is recorded correctly in Legistar Administration, and that the email address legistar@granicus.com is added to your email service's safe list. If you are still not receiving reset emails after checking these items, reach out to Granicus Customer Support for assistance. In the meantime, you can ask your administrator to change your password for you.