The “Disallow Personal Data” Password Setting with New and Existing Users

Overview

This article explains how enabling the Disallow Personal Data setting on a database connection affects current and future users.

Applies To

  • Password Options
  • Auth0 Database Connections
  • Personal Data

Solution

This feature will affect users in the following ways:

For Current Users with Existing Passwords:

This feature does not retroactively affect existing passwords. Users who already have passwords before the setting is enabled can continue using passwords that contain restricted parts of their personal data without disruption.

For Future Password Changes or New Accounts:

Once the setting is enabled, new users or existing users updating their passwords will not be allowed to set passwords containing the restricted parts of their personal data.

Considerations Before Enabling the Setting:

For security reasons, if existing users have passwords that were set before the setting was enabled and therefore have not been verified against it, implement a process to prompt them to update their passwords once the setting is enabled.

  • For example, in an Auth0 Action, when the user logs in, compare their account creation date to the date the setting was enabled and trigger a password change based on the outcome.
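One way to implement that check, as an added example that is not Auth0's own code or part of this article: a post-login Action that flags accounts created before the setting was enabled and whose password has not been reset since, then sends them to a password-change page. The cutover date, the redirect URL and the `password_update_required` metadata key are assumptions you would replace with your tenant's values; the `last_password_reset` check goes one step beyond the article so users who already rotated after cutover are not prompted again.

```javascript
// Added example, not Auth0's code. Placeholders: set these from Action secrets
// or configuration for your tenant.
const PASSWORD_SETTING_ENABLED_AT = "2024-01-15T00:00:00.000Z"; // assumed cutover date
const CHANGE_PASSWORD_URL = "https://example.com/change-password"; // assumed URL

// Pure decision helper, kept separate so the policy can be unit-tested
// without an Auth0 tenant. Returns true when the user's password has never
// been validated against Disallow Personal Data: the account was created
// before the cutover and the password has not been reset since.
function needsPasswordUpdate(user, enabledAt = PASSWORD_SETTING_ENABLED_AT) {
  const cutover = Date.parse(enabledAt);
  const createdAt = Date.parse(user.created_at);
  if (Number.isNaN(cutover) || Number.isNaN(createdAt)) {
    // Fail closed: without trustworthy dates we cannot prove the password
    // was checked, so treat the account as needing an update.
    return true;
  }
  if (createdAt >= cutover) return false; // created under the new rule
  const lastReset = user.last_password_reset
    ? Date.parse(user.last_password_reset)
    : NaN;
  return !(lastReset >= cutover); // NaN (never reset) also yields true
}

// Auth0 post-login Action handler. event.user.created_at and
// event.user.last_password_reset come from the login event; api.user and
// api.redirect are the post-login Action API.
async function onExecutePostLogin(event, api) {
  if (!needsPasswordUpdate(event.user)) return;
  // Record the requirement for downstream applications, then send the user
  // to the password-change page. After the redirect returns, the Action
  // resumes in onContinuePostLogin, where the flag can be cleared.
  api.user.setAppMetadata("password_update_required", true); // assumed key
  api.redirect.sendUserTo(CHANGE_PASSWORD_URL);
}

// Auth0 loads the handler from exports; the guard keeps the file loadable
// outside the Actions runtime (e.g. in a local unit test).
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```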