I’m looking to increase our password policy’s strength and want to double-check something.
The documentation for Password Strength says the password validation only happens on sign-up or password change.
We have a custom database connection to import users from our old login database, some of whom will inevitably have passwords that wouldn’t match the new criteria.
As this is triggered on login not sign-up, the way I read it existing users will be able to carry on transferring their accounts to auth0 with no issues.
Can someone confirm this is the case?