What is the maximum number of custom entries Auth0 supports using the Password Dictionary feature for Database Connections?
I have a need to supply my own list of common passwords to disallow. This list will grow over time. I want to make sure that Auth0 would be able to support this.
(PS: the tags for posts do not seem to be working properly? I tried to add relevant tags I see on other posts like password-policy but they do not show up as options for me)
The maximum number of custom entries for the Password Dictionary is 200. While we cannot increase this limit, we have had requests to increase this limit in the past, and if you would like to see a higher limit we would recommend making a feature request here sharing your use case with our product team.
That is very unfortunate to hear. We need this functionality in order to meet our security compliance requirements under the HITRUST framework. I was told explicitly by our auditors that such a low cap is nowhere near sufficient.
Is there any way to replicate that functionality using extensibility features? So we could develop our own dictionary-checking functionality when passwords are set?
I am sorry to hear that the limit is too low for your use case. Unfortunately, I do not believe there would be any viable alternative through the extensibility features, as user passwords are not accessible within Actions or Rules.