It will be great to have a password expiration policy feature at Auth0. Best,
Hello @isaac.gontovnik welcome to the community!
While not available as a setting in the Dashboard per se, you can certainly take advantage of Rules or (preferably) Actions. For example, there is currently a template available when you go to create a Rule in your Dashboard called “Check last password reset” which you can configure to force a user’s password to be reset after a specific amount of time. The rule looks like this:
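```javascript
function checkLastPasswordReset(user, context, callback) {
  // Difference between two dates, in days
  function daydiff(first, second) {
    return (second - first) / (1000 * 60 * 60 * 24);
  }

  // Fall back to the account creation date if the password was never reset
  const last_password_change = user.last_password_reset || user.created_at;

  // Reject the login when the password is more than 30 days old
  if (daydiff(new Date(last_password_change), new Date()) > 30) {
    return callback(new UnauthorizedError('please change your password'));
  }
  callback(null, user, context);
}
```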
Alternatively, you could use a Post Login Action to achieve similar results by utilizing the `last_password_reset` of the `event.user` object.
Hope this helps!
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
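The Post Login Action variant mentioned in the reply above, as an added example that is not part of the original thread and not Auth0's own template. The 30-day threshold is carried over from the Rule; limiting the check to database connections and treating a missing timestamp as expired are assumptions of this sketch, as are the helper names.

```javascript
// Added example: Post Login Action enforcing a maximum password age.
const MAX_PASSWORD_AGE_DAYS = 30; // same threshold as the Rule above
const MS_PER_DAY = 1000 * 60 * 60 * 24;

// Age of the current password in days; NaN if no usable timestamp exists.
// (Hypothetical helper, not part of the Actions API.)
function passwordAgeDays(user, now) {
  const changed = user.last_password_reset || user.created_at;
  return (now.getTime() - new Date(changed).getTime()) / MS_PER_DAY;
}

// True when the login should be blocked until the password is changed.
function isPasswordExpired(event, now = new Date()) {
  // Assumption: only database connections (strategy "auth0") hold a
  // password in Auth0, so social and enterprise logins are skipped.
  if (event.connection.strategy !== "auth0") return false;
  const age = passwordAgeDays(event.user, now);
  // Fail closed: a missing or unparseable timestamp counts as expired.
  return !(age <= MAX_PASSWORD_AGE_DAYS);
}

async function onExecutePostLogin(event, api) {
  if (isPasswordExpired(event)) {
    api.access.deny("please change your password");
  }
}

// Actions load the handler from `exports`.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

Denying access only blocks the login; the user still needs a way to change the password, such as the password reset flow.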