# Security

## Back office token protection

Token protection helps **secure access to your back office by using tokens**.

<details>

<summary>Learn more about Back Office Token Protection</summary>

When this feature is enabled, each URL becomes specific to a customer's session and cannot be used as-is in another browser, which protects any information they might have stored during that session.

By default, back office token protection is **enabled**.

</details>
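The idea of a URL that is only valid within one session can be illustrated as follows. This is an added example, not PrestaShop's code: the HMAC construction, the secret, the session identifiers and the paths are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed secret for the illustration; a real one is random and server-side only.
SERVER_SECRET = b"constructed-demo-secret"


def url_token(session_id: str, path: str) -> str:
    """Derive a token bound to one session and one back office path."""
    message = f"{session_id}\n{path}".encode()
    return hmac.new(SERVER_SECRET, message, hashlib.sha256).hexdigest()


def sign_url(session_id: str, path: str) -> str:
    """Return the path with the session-bound token appended."""
    return f"{path}?{urlencode({'token': url_token(session_id, path)})}"


def is_valid(session_id: str, url: str) -> bool:
    """Accept the URL only if its token matches this session and this path."""
    parts = urlsplit(url)
    supplied = parse_qs(parts.query).get("token", [""])[0]
    expected = url_token(session_id, parts.path)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(supplied.encode(), expected.encode())


if __name__ == "__main__":
    link = sign_url("session-A", "/admin/orders")      # hypothetical path
    print(is_valid("session-A", link))   # same session: accepted
    print(is_valid("session-B", link))   # copied to another session: rejected
```

A link copied out of one session fails the check in any other, and a token issued for one page cannot be moved to a different page.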

### Configure the password policy & password strength indicator

The **password policy** menu allows you to configure your store's password policy by choosing between 5 increasing levels of complexity. This will allow you to decide how strict you want to be about user passwords.

Passwords are rated from **0** (Extremely guessable) to **4** (Very unguessable) based on their security score. The minimum and maximum length of passwords can be set manually.

<figure><img src="https://3898701297-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjyL8OZq59yY3Nomb341u%2Fuploads%2FT46W12wbraKdPLQJuucK%2Fimage.png?alt=media&#x26;token=3780dee2-44be-4336-aef0-27dee9171e05" alt=""><figcaption></figcaption></figure>

When creating an account, front office users receive real-time cues of their chosen password’s strength according to the back office password policy. A color-coded cue, as well as a tooltip, will help them understand whether their password is strong enough.

***Note:** themes must be updated to support this feature. See* [Theme and logo: your current theme](https://docs.prestashop-project.org/v.8-documentation/improving-shop/customizing-store-design/theme-and-logo#themeandlogo-yourcurrenttheme).

| Cue color | Password length | Password strength |
| :-------: | :-------------: | :---------------: |
|     🟥    | Not long enough | Not strong enough |
|     🟧    | Not long enough |       Strong      |
|     🟩    |       Good      |       Strong      |

|                                                                                        An example of a weak password (🟥,🟧)                                                                                        |                                                                                         An example of a strong password (🟩)                                                                                        |
| :-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | :-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |
| ![](https://3898701297-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjyL8OZq59yY3Nomb341u%2Fuploads%2FDAWu2oMp4F3m0KRqIuEU%2Fimage.png?alt=media\&token=985b4ee9-34a5-4f51-8e00-a990aeaae7ed) | ![](https://3898701297-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjyL8OZq59yY3Nomb341u%2Fuploads%2FGF2VEk2i5G2ZhhtsXgTd%2Fimage.png?alt=media\&token=8bf5c499-211e-43e1-909b-fc594422a8ef) |

## Manage employee and customer sessions

These tabs allow you to **manage employee and customer sessions**. To delete a session and sign out the user, click on the delete button in the Actions column.

To access the back office, the employee or customer will need to sign back in using their email and password.

<figure><img src="https://3898701297-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjyL8OZq59yY3Nomb341u%2Fuploads%2FSZm8SteNWwrRMdwojmNz%2Fimage.png?alt=media&#x26;token=8981cb08-2d08-443f-ae17-a937519a02b1" alt=""><figcaption><p>The <strong>Employee Sessions</strong> tab allows you to manage employee sessions.</p></figcaption></figure>

<figure><img src="https://3898701297-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjyL8OZq59yY3Nomb341u%2Fuploads%2FfCaBkXctDuRss33BJMQR%2Fimage.png?alt=media&#x26;token=5951b459-336e-482d-8d18-14b3c865775e" alt=""><figcaption><p>The <strong>Customer Sessions</strong> tab allows you to manage customer sessions.</p></figcaption></figure>

### Clear outdated sessions

The Clear button allows you to manually delete outdated sessions to reduce database clutter.

<figure><img src="https://3898701297-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjyL8OZq59yY3Nomb341u%2Fuploads%2FMyiG3nFVCnpyTii2XmeO%2Fimage.png?alt=media&#x26;token=d9a961be-67ed-40bd-885e-0ce032cec044" alt=""><figcaption></figcaption></figure>


