Auth0 Home Blog Docs

Avoiding words in Passwords

password

#1

I use software that uses Auth0 at least to validate passwords. As listed on this page: https://auth0.com/docs/connections/database/password-options#personal-data,
users can be forced to avoid certain words in their password. Using the example on the page, as of now we couldn’t use the word “John” in a password but we could use joHn in a password.

Can validating a password be (custom) changed to have it avoid John whether a letter in that word is in lower case or in upper case? So “joHn” would be avoided as well?

Best,
David


#3

@DavidAdam Hello David! Thanks for reaching out. I tried to replicate the issue you were having, but i was not able to successfully reproduce it. When signing up, I created a username and then entered various cases of a password containing that username. I was not able to successfully sign up. I would recommend turning on the Personal Data Toggle under the Password Policy section for your database connection.

Cheers,
Karen


#4

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.