Title here
Summary here
Password Policy
Authelia allows administrators to configure an enforced password policy.
Configuration
This section is intended as an example configuration to help users with a rough contextual layout of this configuration section, it is not intended to explain the options.
The configuration shown may not be a valid configuration, and you should see the options section below and the navigation links to properly understand each option individually.
password_policy:
standard:
enabled: false
min_length: 8
max_length: 0
require_uppercase: false
require_lowercase: false
require_number: false
require_special: false
zxcvbn:
enabled: false
min_score: 3Options
This section describes the individual configuration options.
standard
This section allows you to enable standard security policies.
enabled
boolean
false
not required
Enables standard password policy.
min_length
integer
8
not required
Determines the minimum allowed password length.
max_length
integer
0
not required
Determines the maximum allowed password length.
require_uppercase
boolean
false
not required
Indicates that at least one UPPERCASE letter must be provided as part of the password.
require_lowercase
boolean
false
not required
Indicates that at least one lowercase letter must be provided as part of the password.
require_number
boolean
false
not required
Indicates that at least one number must be provided as part of the password.
require_special
boolean
false
not required
Indicates that at least one special character must be provided as part of the password.
zxcvbn
This password policy enables advanced password strength metering, using zxcvbn.
Note that this password policy do not restrict the user’s entry it just gives the user feedback as to how strong their password is.
enabled
boolean
false
not required
Important Note: only one password policy can be applied at a time.
Enables zxcvbn password policy.
min_score
integer
3
not required
Configures the minimum zxcvbn score allowed for new passwords. There are 5 levels in the zxcvbn score system (taken from github.com/dropbox/zxcvbn):
- score 0: too guessable: risky password (guesses < 10^3)
- score 1: very guessable: protection from throttled online attacks (guesses < 10^6)
- score 2: somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
- score 3: safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
- score 4: very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
We do not allow score 0, if you set the min_score value to 0 instead the default will be used instead.
Prev
Regulation
Next
Identity Validation