Configure password validation
# Configure password validation
User accounts in Asgardeo can be secured from password attacks by defining password validation rules.
When a user configures a password that does not abide by the validation rules, they will be requested to re-enter a password.
To configure password validation:
On the Asgardeo Console, go to Login & Registration.
Under Login Security, click on Password Validation.
Enter values to update the following parameters according to the requirements of your password policies.
Parameter Description Password Expiration The number of days after which the password expires. If a user attempts to log in using an expired password, the user will be redirected to reset the password. Password History Count [Optional]
This field identifies the number of new unique passwords that must be set before an old password can be reused again.
Example: If you assign3
as the password history count, the user cannot use the last three passwords they have used.Number of characters You can add the minimum and maximum length of the password users should use. Mandatory characters By default, a user password should contain at least one of the following characters. - Numbers
- Upper-case characters:
- Lower-case characters
- Special characters
Number of unique characters [Optional]
This field identifies the number of unique (non-repeated) characters the password should contain.Number of repeated characters [Optional]
This field identifies the number of characters that can be repeated consecutively in a user password.
Example: If you assign1
as the number of repeated characters, the password cannot contain any repeated characters consecutively.
The passwordaa1@Znlq
is incorrect as it has the charactera
appearing consecutively.Click Update to save your password validation rules.