Password Policy
To enforce your custom password policy, all you need to do is to configure it accordingly to your needs.
To enforce your custom password policy, all you need to do is to configure it accordingly to your needs.
To customize password policy, go to Dashboard > Settings > Database.
Configuration
Field | Description |
---|---|
Min-Max | Define minimum and maximum lengths of password. |
Custom Characters | If specified, your users must include at least one of provided characters in their password |
At Least X lowercase letter | If provided, your users must include at least X lowercase letters in their password |
At Least X uppercase letter | If provided, your users must include at least X uppercase letters in their password |
At Least X number | If provided, your users must include at least X numbers in their password |
window.PlusAuth.settings.password_policy
Password History
The system will maintain a password history for each user and prevent the reuse of old passwords. The password history can be up to 10 passwords in size. When enabled, any existing users will be unaffected; the system will maintain their password history going forward.
Password Hash Function
PlusAuth even lets you customize the password hash function used in its database. Available options are
- bcrypt
- argon2
- pbkdf2
By default bcrypt
is used as it is mostly used hash algorithm. If you change your hash algorithm, existing users will
be migrated to that hash algorithm on their first successful login.
This configuration set per-user basis, storing the hash function in user.credentials
object.
User credentials can be accessed from only Core API > Users > Get User
Here is an example credential object:
{
"id": "CREDENTIAL_ID",
"type": "password",
"details": {
"hash": "HASH_STRING",
"salt": "SALT_STRING",
"hash_fn": "bcrypt"
},
"connection": null,
"created_at": "2021-01-01T00:00:00.000000+00:00",
"updated_at": null
}