Thank you @aniruddha for providing your +1!
+1 really need this.
Any update on this?
Nothing yet. As soon as I know something from our product team, Iâll let everyone on this thread know!
We also would prefer this was a setting we could have. Iâm not in a heavily regulated industry but we would need to loosen our current password policy if we were to switch. Not great.
Thank you for adding your context David! Iâm gonna advocate for that as well!
Hi, all.
Is there any way to workaround this issue? Itâs a huge blocker for us.
Thanks
Hey there everyone!
Iâve got a bit of an update on this one. We just reviewed it with the Product Team and itâs a part of our flexible user journey initiative and is taken into account but as of now it doesnât have any public timeline yet. Thank you!
Perhaps a broader issue of more flexible password policies, to include the request to allow passphrases (longer password, but not necessarily including special characters, numbers, different casing) - as per Password policy that supports passphrases / phrase passwords ?
+1 on requiring 4/4 as a pentest just now highlighted this
+1 on requiring 4/4. Flagged in a pentest as well.
I would urge everyone here to read the following articles re: password strength. I realize for some it may be a regulatory requirement but âcomplexity rulesâ do not improve your security posture. Complexity rules lead users directly to predictable (exploitable) patterns of behaviour. If your own security teams are advocating complexity rules then try to educate them on this. Thereâs plenty of evidence out there to support arguing against âstrong password policyâ.
Feature: Provide a short title of your feature request/feedback.
We have a requirement from our security team for passwords to require at least one uppercase letter, lowercase letter, digit, and special character. The current password creation requirements only require 3 of 4 of those options. We would like to be able to toggle a âforce-all-four optionsâ so that passwords would require one of each.
Description: Give us some details about your feedback/feature request. Examples, screenshots, videos, etc. are helpful.
Use-case: Tell us what you are building. How would the feedback/feature improve your experience?
Health care messaging security
Hi @dmart,
Thank you for creating this feedback request!
There is already a feedback request created asking to support all password complexity options (4 of 4).
Given that, I have gone ahead and merged the two feedback requests for consistency and tracking purposes.
If you havenât, I recommend upvoting on the feedback request so our engineers can prioritize implementation based on these votes.
Thanks,
Rueben
+1 for 4/4 requirement on password policy! Are there any public timelines on this one yet @konrad.sopala?
Hey there!
Unfortunately nothing public yet. As far as I know itâs a part of our flexible user journey initiative. As soon as I know the dates Iâm gonna make sure to relay it here. Thank you!
replying to keep this thread alive. our enterprise with 70k+ customers is also considering Auth0, but we will need all four criteria required as well for compliance reasons.
Is this a feature thatâs being worked on within the roadmap?
we also desperately need this 4 out 4 rule to be available. How we could switch it on
According to Auth0 (Okta these days) having âExcellentâ strength for password policy would allow âPassword1â for a password, this is a JOKE! Right?
And to make it worth âBreached Password Detectionâ security control isnât really helping much, Iâve tried al least dozen of known breached passwords and all went unnoticed by the so called security control! Câmon Auth0 - itâs just not good.
Guys, 3 years since this feature was requested, a lot of votes and NOTHING in the radar?
really?