In the password policy page inside the database connections page, the hyperlink to OWASP is no longer accessible and outdated.
I would highly suggest Auth0 to follow the NIST’s password guideline. Allow all special characters and emojis rather than limited set of special characters.
In the Password Policy documentation, you are only allowing these special characters !@#$%^&* and the OWASP even the NIST, don’t recommend limiting the special characters.