Can we have custom password policy

kiran.ms · May 19, 2021, 12:14pm

Hi,

Currently we have a password policy which doesn’t match exactly with any of your existing password policies (None, Low, Fair, Good or Excellent).

Can we have a custom password policy which applies to both new signup and password reset?

konrad.sopala · May 19, 2021, 1:05pm

Hey there!

Unfortunately as far as I know the answer is no but let me research that once again and get back to you soon!

john.gateley · May 19, 2021, 2:08pm

Hi @kiran.ms

We do not have custom password policies. We follow the OWASP recommendations on password strength (there is a link on the password policy page)

Custom password policies don’t really add any security. Just use the appropriate level from OWASP.

Having said that, you CAN implement a custom password policy using a custom DB connection, but it is a lot of work (and doesn’t get you anything from a security point of view).

John

konrad.sopala · May 27, 2021, 11:53am

Let us know if you have any other questions down the road!

kiran.ms · May 27, 2021, 12:06pm

Nothing for now. Thanks

konrad.sopala · May 28, 2021, 8:41am

Perfect! Thanks a lot!

system · June 12, 2021, 8:42am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.