Complex (strong) passwords are required by the
PCI DSS (Payment Card Industry Data Security Standard) for all users with access to payment card numbers. Refer to section 8.5 of the PCI DSS for additional requirements related to user passwords.
Minimum requirements for a password to be accepted as complex:
The password must contain:
At least seven characters (letters, numbers, special characters)
At least one number
At least one uppercase letter
Complex passwords must be changed every 90 days. QuickBooks prompts you to change your password near the end of the 90 days as well as on the expiration date itself.
Note: If you're getting a message that your password is not complex, it means you've enabled credit card protection and haven't met one of the requirements described above.
Examples of complex passwords:
Additional tasks for compliance
Customer credit card protection overview
Use challenge phrase to reset administrator password