Any update on this please?
This feature is required by our cyber security team and we can’t enforce it when using the Universal login experience
+1 for this request.
I recently implemented the password change function in the new Auth0 Forms. The password form in this flow has only one checkbox for password complexity that enforces all 4 character types, but the Auth0 Database password policy only enforces 3 out of 4 character types. This results in a password complexity gap between the regular Universal login forgot password/sign up and any inflow workflow using Forms.
+1 for this request please. We need this
+1 for this. I doubt that OSWAP and NIST guidelines would let passwords such as ‘Password1234’ being accepted as ‘Excellent’.
Hope this is implemented soon
Thanks!
2 Likes
Would this feature enforce the “Special characters” requirement when the database connection “Password Strength” policy is “good” or higher?
AFAICS this isn’t enforced when using Create User API even though “No more than 2 identical characters in a row” is enforced when policy is “excellent”.
I’m definitely +1 for this, even though the current NIST guidelines say that we:
[SHOULD] NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords.
Related: