Password Dictionary Protection not working as expected for password reset

Hi @SaqibHussain, thank you for the reply!

My team would welcome that feature as our system got dinged by our pen tester for allowing such passwords as “Password1!”. Although it met our complexity requirements, it is still a very easy password to guess. I was looking at Auth0’s Password Dictionary to help with this issue.

As it stands, an “exact match” approach makes the Password Dictionary feature not very useful. Configuring moderate complexity requirements eliminates most of the 10k common passwords from being accepted by the system.

I would be happy to submit a feature request for the Password Dictionary to apply a “fuzzy” match to passwords that contain common or easy-to-guess words despite meeting complexity requirements. I’m not sure how to phrase it, but setting the password to “Password1!” should be rejected because it contains the word “password” and “password” makes up 8 of the 10 letters.

Would you be able to direct me on how to submit feature requests?
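
The fuzzy check proposed in the post above, sketched as an added example (not part of the original post and not Auth0's implementation): a password is rejected when the longest common word it contains covers more than a chosen share of its characters. The word list, substitution table, 0.5 threshold and all function names are assumptions made for illustration.

```javascript
// Added illustration; hypothetical names throughout, not an Auth0 API.
// Constructed sample list; a real check would load a common-password list.
const COMMON_WORDS = ["password", "welcome", "qwerty", "letmein", "dragon", "admin"];

// Character substitutions undone before matching (assumed set, not exhaustive).
const LEET = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i" };

function normalize(password) {
  return Array.from(password.toLowerCase()).map((c) => LEET[c] || c).join("");
}

// Longest dictionary word found in either the lowercased or the
// substitution-normalized form of the password ("" when none is found).
function longestDictionaryHit(password, words = COMMON_WORDS) {
  const forms = [password.toLowerCase(), normalize(password)];
  let best = "";
  for (const word of words) {
    if (word.length > best.length && forms.some((f) => f.includes(word))) {
      best = word;
    }
  }
  return best;
}

// Reject when the matched word makes up more than maxCoverage of the password.
// "Password1!" contains "password": 8 of 10 characters, coverage 0.8.
function checkPassword(password, { words = COMMON_WORDS, maxCoverage = 0.5 } = {}) {
  const length = Array.from(password).length;
  const hit = longestDictionaryHit(password, words);
  const coverage = length === 0 ? 0 : hit.length / length;
  return { accepted: coverage <= maxCoverage, matchedWord: hit || null, coverage };
}

// Constructed sample inputs.
for (const pw of ["Password1!", "P@ssw0rd1!", "my-dragon-eats-purple-tacos"]) {
  const r = checkPassword(pw);
  console.log(pw, r.accepted ? "accepted" : "rejected", r.matchedWord, r.coverage.toFixed(2));
}
```

A coverage threshold, rather than a plain substring match, keeps long passphrases that happen to include one common word from being rejected.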