We are implementing Auth0 authentication for our service, which has existed for a few years and uses a custom database that we want to replace with the Auth0 solution. It’s not live yet, but when we finish all the work needed, we are going to migrate existing users to the Auth0 database. For new users, we want to force them to create strong passwords, although existing ones might already have weaker combinations, and I see this as a possible problem. We would like to make the migration for all users without any additional interactions. By that I mean we don’t want them to reset passwords.
As part of the investigation, I looked everywhere and couldn’t find an answer to how users with weaker passwords are handled during the migration.
I came up with 3 options for the problem:
- We should handle users with weak passwords somehow in login/getUser scripts.
- We should loosen the password strength policy.
- We should do nothing because as long as the username/password combination is correct and valid in the external database, the user will be migrated to Auth0.
Can somebody tell me which option is really possible, and do we need to do anything about this?
I’m sure that everybody who has already done the automatic migration should know the answer to my question.