Password expiration policy

It will be great to have a password expiration policy feature at Auth0. Best,

Hello @isaac.gontovnik welcome to the community!

While not available as a setting in the Dashboard per se, you can certainly take advantage of Rules or (preferably) Actions. For example, there is currently a template available when you go to create a Rule in your Dashboard called “Check last password reset” which you can configure to force a user’s password to be reset after a specific amount of time. The rule looks like this:

function checkLastPasswordReset(user, context, callback) {
  function daydiff(first, second) {
    return (second - first) / (1000 * 60 * 60 * 24);
  }

  const last_password_change = user.last_password_reset || user.created_at;

  if (daydiff(new Date(last_password_change), new Date()) > 30) {
    return callback(new UnauthorizedError('please change your password'));
  }
  callback(null, user, context);
}

Alternatively, you could use a Post Login Action to achieve similar results by utilizing the last_password_reset of the event.user object.

Hope this helps!

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.