Available password policies
When using the Auth0 data store or a custom database connection, you can enforce the following password policies.
You can configure these options in the Auth0 Dashboard or by using the Management API.
Enforce password policies with the Auth0 Dashboard
Password policies for social and enterprise connections are enforced by each provider, not by Auth0’s database connection password policies.
- Go to Auth0 Dashboard > Authentication > Database, and select the name of the connection you want to edit.
- Select the Authentication Methods tab. Then, in the Password section, select Configure to open the Password panel.
-
Select the Security section to expand it, and then update the policies you want to change:
- Check or uncheck the Password history box. Use the Password history size field to choose the number of previous passwords that users cannot reuse.
- Check or uncheck the Password dictionary box. Use the Additional dictionary entries text field to specify additional prohibited passwords, one per line.
- Check or uncheck the Block Personal Data box.
-
Select the Composition section to expand it, then use the Strength slider to choose a level of complexity:
- None: Requires a non-empty password.
- Low: Requires a character length you specify.
- Fair: All previous, and additionally requires a lowercase letter, an uppercase letter, and a number.
- Good: Additionally requires at least three of a lowercase letter, an uppercase letter, a number, and a special character (
!@#$%^&*). - Excellent: All previous, and additionally requires there to be no more than 2 identical characters in a row.
- Click Save.
Enforce password policies with the Management API
You can use the Management API to configure password policies when you create or update a database connection. For more information, see the following endpoints: You can view a database connection’s current password policies in theoptions object returned from the Get a connection endpoint.