Customize password strength and length based on user

Hello,

How can we vary password strength and length requirements (via the same connection) based on some information about the user? For example, there are some users who we want to require longer passwords for.

Thank you!

Hi @rogupta

Can you give more details about the use case?

I don’t think this is a good idea. It may be possible with a lot of effort. The question is “why?”. This almost sounds like punishing some users! If you require a certain strength, why shouldn’t it apply to all?

John

Hi John,

The reason is that some users have more privileges than others. We would like users with more privileges (e.g., organization admins) to have stricter password requirements.

How could we achieve this?

Thanks!

Hi @rogupta

Easy answer: use two DB connections, each with its own password requirements. You’ll have to figure out how to get the users to log in to the right DB - this can be challenging.

Better answer: use good password requirements for all users, and for users with escalated privileges, use MFA or step-up authentication.

John