Enable all character types of the password strength policy


I’m currently configuring the password strength of a DB Connection, I enabled to Good strength but couldn’t force the user to use all characters types, only 3 of 4.
So I was wondering what’s the point of increasing from Fair to Good if the user has the choice to not use the special characters?

Thank you

That’s a known problem. There is no functional difference between “fair” and “good”… all “fair” passwords also pass the requirements for “good”. I believe the password settings page was going to be overhauled but haven’t seen mention of it in a while. It would be worthwhile submitting feedback to Auth0 on this.


Yep the best way to approach it would be to do what Mark suggested providing as much context as possible to your feedback

1 Like