Can we create policy for password

Hanska · April 26, 2022, 9:46am

Hello,

I’m wondering if it’s possible to create policies when users are changing their password using userpass/password method.

I’m working this way :

I’m using the userpass method for authentification
Users can change their password to rotate their vault’s password

But there is a problem, actually I don’t know how to control the fact that users have strong passwords or not. At the moment a user can change his password to " 1234", and it’s going to work. Is there a way to put password’s policies to control their password gestion ? Like put a minium length, uper and lower cases etc…

aram · April 27, 2022, 6:30am

Search the forum there are multiple threads on how setup the policy to allow users to change their own password.

As far as password requirements, AFAIK there is no way to control that at the moment. What you can do now with 1.10 is add MFA requirements, which sort of makes the password strength thing moot.