Incapsula's password policy obligates customers to set a passcode of at least 8 characters and doesn't demand any particular complexity.
In addition, Incapsula has two other methods to restrict access to each account:
1. Enabling Two Factor Authentication for the account. This can be done by going to: Account > Details > Two Factor Authentication for Your Account, press and setup your chosen authentication methods.
Click Management > Account Settings.
You can enable the following: (For more information about account settings: Link)
|Require users to use two-factor authentication||Forces all users of the account to configure two-factor authentication for their logins. Users that have not configured two-factor authentication will be required to do so before logging in. (Available for account admins only.)|
|Allow Two-factor authentication through E-mail||Enables users to receive a passcode for two-factor authentication via email. If this option is not selected, users can choose to receive a passcode via text message or the Google Authenticator app only.|
2. Restricting to log in the account from a specific IP address. This can be done by going to: Account > Details > Account Details > Allow to login only from the following IP addresses, and add the requested IP address.