I was reading this article from your blog and, after some research on this forum and the documentation, I found it impossible to meet the actual NIST guidelines by using the Password Strength options.
From all the requirements, I’m not able to meet these ones at the same time:
• Users should be prevented from using sequential (ex. “1234”) or repeated (ex. “aaaa”) characters
• Complexity requirements should not be used, ex. requiring special characters, numbers, uppercase, etc.
In the configuration screen, I’m forced to enforce all the previous requirements if I don’t want to allow users to use no more than two identical characters in a row.
Is there a way to skip the complexity requirements? Do you have plans to make this requirements optional? (e.g. only chose the ones you want)