Password policy
Set up password policy
For new users or users who are updating their password, you can set a password policy to enforce password strength requirements. Visit the Console > Security > Password policy to configure the password policy settings.
- Minimum password length: Set the minimum number of characters required for the password. (NIST suggests using at least 8 characters)
- Minimum required character types: Set the minimum number of character types required for the password. The available character types are:
- Uppercase letters:
(A-Z) - Lowercase letters:
(a-z) - Numbers:
(0-9) - Special characters:
(!"#$%&'()\*+,-./:;<>=?@[]^\_`|{}~ )
- Uppercase letters:
- Breach history check: Enable this setting to reject passwords that have been previously exposed in data breaches. (Powered by Have I Been Pwned)
- Repetition check: Enable this setting to reject passwords that contain repetitive characters. (e.g., "11111111" or "password123")
- User information check: Enable this setting to reject passwords that contain user information such as username, email address, or phone number.
- Custom words: Provide a list of custom words (case-insensitive) that you want to reject in the password.