By default, the  enforces very few requirements on password length, capitalization, or special characters. Users who are setting or resetting their passwords are permitted to create a password of one character in length with no additional requirements.

NOTE: When passwords are set or reset, the platform does perform an assessment of the quality of the password and reports it to the user before saving. For more information, see User Profile Page.


Before you permit users to create accounts, you should review the password requirements for your enterprise and, where needed, apply them to the .

Enable

To enable enforcement of password criteria, please enable the following parameter.

Steps:

Locate the following parameter and set it to true:

"feature.enablePasswordCriteria": true,


    When enabled, submitted changes to user passwords are evaluated based on the configuration settings defined below.

Configure

The following parameters govern the password criteria enforced by the  when the feature is enabled.

ParameterDescriptionDefault
webapp.passwordCriteria.length.min

Minimum length of a password to

0
webapp.passwordCriteria.length.max

Maximum length of a password to

100
webapp.passwordCriteria.descriptionText describing the criteria that a password must meet. Specify this value last.
webapp.passwordCriteria.contains.uppercaseDefines whether the password must contain uppercase charactersundefined
webapp.passwordCriteria.contains.symbolsDefines whether the password must contain symbolsundefined
webapp.passwordCriteria.contains.spacesDefines whether the password must contain space charactersundefined
webapp.passwordCriteria.contains.lowercaseDefines whether the password must contain lowercase charactersundefined
webapp.passwordCriteria.contains.lettersDefines whether the password must contain letters (a-z)undefined
webapp.passwordCriteria.contains.digitsDefines whether the password must contain digits (0-9)undefined

Criteria settings:

Some of the criteria settings support the following options:

SettingDescription
enforceEach password must pass this requirement.
forbidPasswords cannot have this requirement.
undefined(default) This requirement is disabled. Users may choose to include or not include this requirement in their passwords.