
Username-Password-Authentication - is there a way to programmatically override options here?

username-password-co

#1

Hi,

We’re creating a React-Native app and implementing your Auth0 in it. We saw and have implemented some of your options here in the Auth0 Dashboard for Username-Password-Authentication (Auth0 Dashboard > Connections > Database > Username-Password-Authentication > Password Policy, or the URL is: https://manage.auth0.com/#/connections/database/con_kfdUA3EhcIrcXzpA/security).

One thing - is there a way to override programmatically the options for password strength? I ask because we were seeking something in between two of your hard set options — we were looking for something in between six letters minimum and eight characters with a mix of capital letters, lower case and numbers. We were seeking something in between that for our users, such as 7 or 8 characters with a mix of letters & numbers, not necessarily capitalized letters.

If there is a way to do this programmatically with Auth0, and there is documentation on how to do it, if you could please point me in that direction, please, I would be very grateful.

Also, as a feature request, I think the slider to choose level of Password security is nice, but I would also like to see a choice dialogue with checkboxes or drop-downs for more granular choices. Something like —

[ ] - Must Use One Uppercase Letter

[ ] - Must Use One Numeral

[ ] - Must Use Special Characters [!@#$%^&*]

Minimum Number of characters -

                   6      <= (drop down or scroll wheel)

                   7

                   8

                   9

                   ≥10

… etc.

Just my suggestion. Please let me know if any of what I ask for overriding the parameters for Password security programmatically is possible. Thank you in advance.

best,

— faddah wolf

 portland, oregon, u.s.a.

#2

Thanks for the feedback and for the feature request. Currently Auth0 provides 5 levels of security password strength policies to match [OWASP password recommendations](https://www.owasp.org/index.php/Authentication_Cheat_Sheet#Implement_Proper_Password_Strength_Controls). The only way to configure them is through the slider you mention. You have other password options available, such as the Password History, Password Dictionary and Personal Data.

You can update these settings through the management API, using the PATCH /api/v2/connections/{id} as stated in the documentation, but you’ll only be able to update the password strength policy with the specified levels, e.g. "passwordPolicy": "fair".
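
The Management API update described in the reply above, as an added example that is not part of the original thread or Auth0's own code. The helper names and the `domain`, `token` and `connectionId` parameters are assumptions; the call belongs in a backend or admin script that holds a Management API token, not in the React Native app itself.

```javascript
// Added example. buildPolicyPatch and setPasswordPolicy are illustrative names.
// The five values below are the fixed password strength levels the reply refers to.
const POLICY_LEVELS = ["none", "low", "fair", "good", "excellent"];

// Build the PATCH body for /api/v2/connections/{id}.
// The Management API replaces the whole `options` object on PATCH, so the
// connection's current options are merged in instead of sending
// passwordPolicy on its own (which would drop the other settings).
function buildPolicyPatch(currentOptions, level) {
  if (!POLICY_LEVELS.includes(level)) {
    throw new RangeError(
      `passwordPolicy must be one of: ${POLICY_LEVELS.join(", ")}`
    );
  }
  return { options: { ...(currentOptions || {}), passwordPolicy: level } };
}

// Read the connection, then write it back with the new level.
// `token` is a Management API access token with read:connections and
// update:connections scopes; `domain` is the tenant domain (both assumed inputs).
async function setPasswordPolicy({ domain, token, connectionId, level }) {
  const url = `https://${domain}/api/v2/connections/${encodeURIComponent(connectionId)}`;
  const headers = {
    Authorization: `Bearer ${token}`,
    "Content-Type": "application/json",
  };

  const current = await fetch(url, { headers });
  if (!current.ok) throw new Error(`GET connection failed: ${current.status}`);
  const { options } = await current.json();

  const res = await fetch(url, {
    method: "PATCH",
    headers,
    body: JSON.stringify(buildPolicyPatch(options, level)),
  });
  if (!res.ok) throw new Error(`PATCH connection failed: ${res.status}`);
  return (await res.json()).options.passwordPolicy;
}
```

Because only the fixed levels are accepted, a request for an in-between rule is rejected locally before any call is made.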


#3

Hello @ricardo.batista ,

Thank you for responding. Ok, I get it — the P/W policy is just those set levels in the Auth0 Service, for now. Is there a more formal way I can make sure my feature request above is correctly submitted to Auth0, or have you already handled that? If there is a process I should follow for that, please let me know and I’ll do it. And thank you again for your response.

best,

— Faddah Wolf

  portland, oregon, u.s.a.