+1 for 4/4 conditions. It’s a critical requirement for our financial institution.
This needs to be improved - 3/4 requirements at 8 or 10 characters is too weak. As others have already stated, there are situations where this doesn’t meet security standards.
+1 This should be a primary thing in Auth0
Thanks everyone for upvoting it and sharing your feedback. I’ll make sure to relay that to our product team!
+1 really need this to meet our security standards requirements
Thank you @aniruddha for providing your +1!
+1 really need this.
Any update on this?
Nothing yet. As soon as I know something from our product team, I’ll let everyone on this thread know!
We also would prefer this was a setting we could have. I’m not in a heavily regulated industry but we would need to loosen our current password policy if we were to switch. Not great.
Thank you for adding your context David! I’m gonna advocate for that as well!
Is there any way to work around this issue? It’s a huge blocker for us.
Hey there everyone!
I’ve got a bit of an update on this one. We just reviewed it with the Product Team and it’s a part of our flexible user journey initiative and is taken into account but as of now it doesn’t have any public timeline yet. Thank you!
Perhaps a broader issue of more flexible password policies, to include the request to allow passphrases (longer password, but not necessarily including special characters, numbers, different casing) - as per “Password policy that supports passphrases / phrase passwords”?
+1 on requiring 4/4 as a pentest just now highlighted this
+1 on requiring 4/4. Flagged in a pentest as well.
I would urge everyone here to read the following articles re: password strength. I realize for some it may be a regulatory requirement but “complexity rules” do not improve your security posture. Complexity rules lead users directly to predictable (exploitable) patterns of behaviour. If your own security teams are advocating complexity rules then try to educate them on this. There’s plenty of evidence out there to support arguing against “strong password policy”.
Feature: Provide a short title of your feature request/feedback.
We have a requirement from our security team for passwords to require at least one uppercase letter, lowercase letter, digit, and special character. The current password creation requirements only require 3 of 4 of those options. We would like to be able to toggle a “force-all-four options” so that passwords would require one of each.
Description: Give us some details about your feedback/feature request. Examples, screenshots, videos, etc. are helpful.
Use-case: Tell us what you are building. How would the feedback/feature improve your experience?
Health care messaging security
Thank you for creating this feedback request!
There is already a feedback request created asking to support all password complexity options (4 of 4).
Given that, I have gone ahead and merged the two feedback requests for consistency and tracking purposes.
If you haven’t, I recommend upvoting on the feedback request so our engineers can prioritize implementation based on these votes.
+1 for 4/4 requirement on password policy! Are there any public timelines on this one yet @konrad.sopala?
Unfortunately nothing public yet. As far as I know it’s a part of our flexible user journey initiative. As soon as I know the dates I’m gonna make sure to relay it here. Thank you!