Feature request: Password policy require 4 of 4 requirements

Thank you @aniruddha for providing your +1!

+1 really need this.
Any update on this?

Nothing yet. As soon as I know something from our product team, I’ll let everyone on this thread know!

We also would prefer this was a setting we could have. I’m not in a heavily regulated industry but we would need to loosen our current password policy if we were to switch. Not great.

Thank you for adding your context David! I’m gonna advocate for that as well!

Hi, all.
Is there any way to work around this issue? It’s a huge blocker for us.
Thanks

Hey there everyone!

I’ve got a bit of an update on this one. We just reviewed it with the Product Team and it’s a part of our flexible user journey initiative and is taken into account but as of now it doesn’t have any public timeline yet. Thank you!

Perhaps a broader issue of more flexible password policies, to include the request to allow passphrases (longer password, but not necessarily including special characters, numbers, different casing) - as per Password policy that supports passphrases / phrase passwords?

+1 on requiring 4/4 as a pentest just now highlighted this

+1 on requiring 4/4. Flagged in a pentest as well.

I would urge everyone here to read the following articles re: password strength. I realize for some it may be a regulatory requirement but “complexity rules” do not improve your security posture. Complexity rules lead users directly to predictable (exploitable) patterns of behaviour. If your own security teams are advocating complexity rules then try to educate them on this. There’s plenty of evidence out there to support arguing against “strong password policy”.

Feature: Provide a short title of your feature request/feedback.
We have a requirement from our security team for passwords to require at least one uppercase letter, lowercase letter, digit, and special character. The current password creation requirements only require 3 of 4 of those options. We would like to be able to toggle a “force-all-four options” so that passwords would require one of each.

Description: Give us some details about your feedback/feature request. Examples, screenshots, videos, etc. are helpful.

Use-case: Tell us what you are building. How would the feedback/feature improve your experience?
Health care messaging security

Hi @dmart,

Thank you for creating this feedback request!

There is already a feedback request created asking to support all password complexity options (4 of 4).

Given that, I have gone ahead and merged the two feedback requests for consistency and tracking purposes.

If you haven’t, I recommend upvoting on the feedback request so our engineers can prioritize implementation based on these votes.

Thanks,
Rueben

+1 for 4/4 requirement on password policy! Are there any public timelines on this one yet @konrad.sopala?

Hey there!

Unfortunately nothing public yet. As far as I know it’s a part of our flexible user journey initiative. As soon as I know the dates I’m gonna make sure to relay it here. Thank you!

Replying to keep this thread alive. Our enterprise with 70k+ customers is also considering Auth0, but we will need all four criteria required as well for compliance reasons.