# Configure password validation

User accounts in Asgardeo can be secured from password attacks by defining password validation rules.

When a user configures a password that does not abide by the validation rules, they will be requested to re-enter a password.

To configure password validation:

  1. On the Asgardeo Console, go to Login & Registration.

  2. Under Login Security, click on Password Validation.

  3. Enter values to update the following parameters according to the requirements of your password policies.

    | Parameter | Description |
    |---|---|
    | Password Expiration | The number of days after which the password expires. If a user attempts to log in using an expired password, the user will be redirected to reset the password. |
    | Password History Count | [Optional] This field identifies the number of new unique passwords that must be set before an old password can be reused again. Example: If you assign 3 as the password history count, the user cannot use the last three passwords they have used. |
    | Number of characters | You can add the minimum and maximum length of the password users should use. |
    | Mandatory characters | By default, a user password should contain at least one of the following characters: numbers, upper-case characters, lower-case characters, special characters. |
    | Number of unique characters | [Optional] This field identifies the number of unique (non-repeated) characters the password should contain. |
    | Number of repeated characters | [Optional] This field identifies the number of characters that can be repeated consecutively in a user password. Example: If you assign 1 as the number of repeated characters, the password cannot contain any repeated characters consecutively. The password `aa1@Znlq` is incorrect as it has the character `a` appearing consecutively. |

  4. Click Update to save your password validation rules.
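
The character rules from the parameter table, sketched as a small Python checker. This is an added example, not Asgardeo's own code. The field names, the sample length limits, reading "unique characters" as distinct characters, and treating "special characters" as ASCII punctuation are all assumptions.

```python
from dataclasses import dataclass
from itertools import groupby
import string


@dataclass
class PasswordPolicy:
    # Hypothetical field names mirroring the console parameters.
    # The default numbers are constructed sample values, not Asgardeo defaults.
    min_length: int = 8
    max_length: int = 30
    min_digits: int = 1
    min_upper: int = 1
    min_lower: int = 1
    min_special: int = 1
    min_unique: int = 0        # optional rule; 0 means "not configured"
    max_consecutive: int = 0   # optional rule; 0 means "not configured"


def violations(password: str, policy: PasswordPolicy) -> list[str]:
    """Return the names of the rules the password breaks (empty list = valid)."""
    found = []
    if not policy.min_length <= len(password) <= policy.max_length:
        found.append("length")

    # Mandatory character classes (assumption: special = ASCII punctuation).
    counts = {
        "digits": sum(c.isdigit() for c in password),
        "upper": sum(c.isupper() for c in password),
        "lower": sum(c.islower() for c in password),
        "special": sum(c in string.punctuation for c in password),
    }
    required = {"digits": policy.min_digits, "upper": policy.min_upper,
                "lower": policy.min_lower, "special": policy.min_special}
    found += [name for name, need in required.items() if counts[name] < need]

    # Assumption: "unique characters" counts distinct characters.
    if policy.min_unique and len(set(password)) < policy.min_unique:
        found.append("unique")

    # Longest run of one character repeated back to back, e.g. "aa" is 2.
    longest_run = max((len(list(g)) for _, g in groupby(password)), default=0)
    if policy.max_consecutive and longest_run > policy.max_consecutive:
        found.append("repeated")
    return found
```

With `max_consecutive=1`, the page's sample password `aa1@Znlq` fails only the repeated-character rule, while a constructed variant such as `a1@Znlqa` passes because the two `a` characters are no longer adjacent.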