authelia/docs/configuration/password_policy.md
James Elliott 9e05066097
refactor(handlers): ppolicy (#3103)
Adds tests and makes the password policy a provider so the configuration can be loaded to memory on startup.
2022-04-03 21:58:27 +10:00

2.7 KiB

layout: default
title: Password Policy
parent: Configuration
nav_order: 17

Password Policy

Authelia allows administrators to configure an enforced password policy.

Configuration

password_policy:
  standard:
    enabled: false
    min_length: 8
    max_length: 0
    require_uppercase: false
    require_lowercase: false
    require_number: false
    require_special: false
  zxcvbn:
    enabled: false

Options

standard

type: list, required: no

This section allows you to enable standard security policies.

enabled

type: bool, required: no

Enables the standard password policy.

min_length

type: integer, default: 8, required: no

Determines the minimum allowed password length.

max_length

type: integer, default: 0, required: no

Determines the maximum allowed password length.

require_uppercase

type: bool, required: no

Indicates that at least one UPPERCASE letter must be provided as part of the password.

require_lowercase

type: bool, required: no

Indicates that at least one lowercase letter must be provided as part of the password.

require_number

type: bool, required: no

Indicates that at least one number must be provided as part of the password.

require_special

type: bool, required: no

Indicates that at least one special character must be provided as part of the password.
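How the standard options combine when a candidate password is evaluated, as an added example that is not Authelia's own code. The `Standard` type and `Check` function are hypothetical names; the example assumes length is counted in characters (runes) rather than bytes, that a `max_length` of 0 means no upper bound, and that a special character is anything that is neither a letter nor a digit.

```go
package main

import (
	"fmt"
	"unicode"
	"unicode/utf8"
)

// Standard mirrors the password_policy.standard keys documented above.
type Standard struct {
	Enabled, Upper, Lower, Number, Special bool
	MinLength, MaxLength                   int
}

// Check returns the config keys a password fails (nil when it passes).
// Assumptions: length counts runes, max_length 0 means no upper bound,
// and "special" is any rune that is neither a letter nor a digit.
func Check(p Standard, password string) (unmet []string) {
	if !p.Enabled {
		return nil
	}
	var up, lo, num, sp bool
	for _, r := range password {
		up = up || unicode.IsUpper(r)
		lo = lo || unicode.IsLower(r)
		num = num || unicode.IsDigit(r)
		sp = sp || !(unicode.IsLetter(r) || unicode.IsDigit(r))
	}
	n := utf8.RuneCountInString(password)
	add := func(failed bool, key string) {
		if failed {
			unmet = append(unmet, key)
		}
	}
	add(n < p.MinLength, "min_length")
	add(p.MaxLength > 0 && n > p.MaxLength, "max_length")
	add(p.Upper && !up, "require_uppercase")
	add(p.Lower && !lo, "require_lowercase")
	add(p.Number && !num, "require_number")
	add(p.Special && !sp, "require_special")
	return unmet
}

func main() {
	// Constructed policy and sample passwords.
	p := Standard{Enabled: true, MinLength: 8, Upper: true, Number: true, Special: true}
	fmt.Println(Check(p, "correcthorse"))
	fmt.Println(Check(p, "Correct-horse7"))
}
```

Returning the failed keys rather than a single boolean lets a reset form tell the user which requirement is unmet.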

zxcvbn

This password policy enables advanced password strength metering, using zxcvbn.

Note that this password policy does not restrict the user's entry; it just gives the user feedback as to how strong their password is.

enabled

type: bool, required: no

Important Note: only one password policy can be applied at a time.

Enables the zxcvbn password policy.