
Password validation

This guide explains how you can manage user passwords securely using multiple validation techniques, such as enforcing password expiration and imposing password complexity requirements.

Configure password validation

You may find the configuration options by following the steps below.

  1. On the Asgardeo Console, navigate to Login & Registration.

  2. Under Login Security, select Password Validation.

  3. On the Password Validation page, use the following three options to validate passwords: rule-based password expiration, password history count, and password input validation. Each option is explained in detail in the sections below.

  4. Click Update to save the changes.

Rule-based password expiration

Rule-based password expiration allows administrators to set custom password expiration rules based on the user's groups and roles. The higher a rule appears on the list, the greater its priority. Rules are evaluated based on their priorities and the first rule that matches the user's condition will take effect.

To configure rule-based password expiration:

  1. Turn the Password Expiration toggle on to enable password expiration.

  2. Set a default password expiry rule that applies to any user that does not meet the custom criteria.

  3. Click Add Rule and start defining custom rules. Each subsequent rule you add will be added to the top of the list. You may use the arrows on the left to change their priorities.


Refer to the following table for more information on rule parameters.

| Parameter | Description |
|---|---|
| Attribute | User attribute against which you are enforcing password expiry. Select either Groups or Roles. |
| Values | Select the specific group/role. You may also select multiple values, in which case the rule acts as an AND operator and is enforced only on users who belong to all selected groups/roles. |
| Operator | Apply: Password expiry will be enforced for users who meet the rule criteria. Skip: Password expiry will not be enforced for users who meet the rule criteria. |
| Expiration (days) | Passwords of users meeting the criteria expire after this number of days. |
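
The rule evaluation described above, modelled as an added example (not Asgardeo's own code): the first matching rule from the top of the list wins, multiple values are ANDed, and the default rule applies when nothing matches. The Rule class, the resolve function and the group/role names are hypothetical, and treating a rule with no values as matching nobody is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    attribute: str               # "groups" or "roles"
    values: frozenset            # user must hold ALL of these (AND semantics)
    operator: str                # "apply" or "skip"
    days: Optional[int] = None   # expiration period; ignored for "skip"

def resolve(user, rules, default_days):
    """Return (expiry_days, matched_rule_position) for one user.

    `rules` is ordered as on the list: index 0 is the top, highest priority.
    expiry_days is None when a Skip rule wins; position is None when no
    custom rule matched and the default rule applied.
    """
    for position, rule in enumerate(rules):
        held = set(user.get(rule.attribute, ()))
        # Assumption: a rule with no values selected matches nobody.
        if rule.values and rule.values <= held:
            return (rule.days if rule.operator == "apply" else None), position
    return default_days, None

# Constructed sample data (hypothetical group and role names).
RULES = [
    Rule("roles", frozenset({"admin"}), "apply", 30),
    Rule("groups", frozenset({"contractors", "finance"}), "apply", 45),
    Rule("groups", frozenset({"service-accounts"}), "skip"),
]
USERS = {
    "alice": {"roles": ["admin"], "groups": ["service-accounts"]},
    "bob": {"roles": [], "groups": ["contractors"]},
    "carol": {"roles": [], "groups": ["contractors", "finance"]},
    "svc-build": {"roles": [], "groups": ["service-accounts"]},
}

if __name__ == "__main__":
    for name, user in USERS.items():
        print(name, resolve(user, RULES, default_days=90))
    # Moving the Skip rule to the top exempts alice, an admin, from expiry.
    reordered = [RULES[2], RULES[0], RULES[1]]
    print("alice after reorder:", resolve(USERS["alice"], reordered, 90))
```

Running a model like this over an export of users before reordering rules shows which accounts a Skip rule would exempt once it sits above an Apply rule.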

Password history count

The Password History Count feature allows you to specify the number of unique new passwords a user must use before an old password can be reused. This enhances account security by preventing the reuse of old passwords.


To enable this, select the corresponding checkbox and configure the following option.

| Parameter | Description |
|---|---|
| Password History Count | [Optional] The number of unique passwords that must be set before reusing an old password. Example: If set to 3, the user cannot reuse the last three passwords they have set. |

Password input validation

The Password Input Validation feature enables you to set password complexity requirements which include minimum password length and required character types.


Configure the following parameters to enforce input validation.

| Parameter | Description |
|---|---|
| Number of characters | You can add the minimum and maximum length of the password users should use. |
| Mandatory characters | By default, a user password should contain at least one of the following characters: numbers, upper-case characters, lower-case characters, special characters. |
| Number of unique characters | [Optional] This field identifies the number of unique (non-repeated) characters the password should contain. |
| Number of repeated characters | [Optional] This field identifies the number of characters that can be repeated consecutively in a user password. Example: If you assign 1 as the number of repeated characters, the password cannot contain any consecutively repeated characters. The password aa1@Znlq is incorrect because the character a appears consecutively. |

Validation for whitespace in passwords

Asgardeo automatically trims leading and trailing whitespace from passwords when users create or update a password, and when they enter a password to log in.