Enable all character types of the password strength policy

Hello,

I’m currently configuring the password strength of a DB Connection, I enabled to Good strength but couldn’t force the user to use all characters types, only 3 of 4.
So I was wondering what’s the point of increasing from Fair to Good if the user has the choice to not use the special characters?

Thank you

That’s a known problem. There is no functional difference between “fair” and “good”… all “fair” passwords also pass the requirements for “good”. I believe the password settings page was going to be overhauled but haven’t seen mention of it in a while. It would be worthwhile submitting feedback to Auth0 on this.

2 Likes

Yep the best way to approach it would be to do what Mark suggested providing as much context as possible to your feedback

1 Like