Auth0 Home Blog Docs

Password Strength and Custom Database

password
custom-database
password-strength

#1

I’m looking to increase our password policy’s strength and want to double-check something.

The documentation for Password Strength says the password validation only happens on sign-up or password change.
We have a custom database connection to import users from our old login database, some of whom will inevitably have passwords that wouldn’t match the new criteria.
As this is triggered on login not sign-up, the way I read it existing users will be able to carry on transferring their accounts to auth0 with no issues.

Can someone confirm this is the case?


#2

I tested by

  1. Creating a custom db and then setting password policy to maximum and then logging in, no interruption faced.
  2. Forcing enforced password policy on a non-strict connection with pre-existing users, no interruption faced.

There shouldn’t be any issues with migration.


#3

I tested by

  1. Creating a custom db and then setting password policy to maximum and then logging in, no interruption faced.
  2. Forcing enforced password policy on a non-strict connection with pre-existing users, no interruption faced.

There shouldn’t be any issues with migration.


#4