Skip to content
No results found.

Password Policy

To enforce your custom password policy, all you need to do is to configure it accordingly to your needs.

To customize password policy, go to Dashboard > Settings > Database.

Configuration

FieldDescription
Min-MaxDefine minimum and maximum lengths of password.
Custom CharactersIf specified, your users must include at least one of provided characters in their password
At Least X lowercase letterIf provided, your users must include at least X lowercase letters in their password
At Least X uppercase letterIf provided, your users must include at least X uppercase letters in their password
At Least X numberIf provided, your users must include at least X numbers in their password

In PlusAuth views you can access this configuration from window.PlusAuth.settings.password_policy

Password History

The system will maintain a password history for each user and prevent the reuse of old passwords. The password history can be up to 10 passwords in size. When enabled, any existing users will be unaffected; the system will maintain their password history going forward.

Password Hash Function

PlusAuth even lets you customize the password hash function used in its database. Available options are

  • bcrypt
  • argon2
  • pbkdf2

By default bcrypt is used as it is mostly used hash algorithm. If you change your hash algorithm, existing users will be migrated to that hash algorithm on their first successful login.

This configuration set per-user basis, storing the hash function in user.credentials object. User credentials can be accessed from only Core API > Users > Get User

Here is an example credential object:

{
"id": "CREDENTIAL_ID",
"type": "password",
"details": {
"hash": "HASH_STRING",
"salt": "SALT_STRING",
"hash_fn": "bcrypt"
},
"connection": null,
"created_at": "2021-01-01T00:00:00.000000+00:00",
"updated_at": null
}