Password Policy

When users register an account (instead of signing in through a social login), Auth.it enforces a password policy that defines the required password complexity and format.

By default, Auth.it applies a strong password policy that includes a minimum length of 10 characters, character type requirements, and blocking the 3 most recently used passwords when a user changes their password:

Default password policy

You can disable the password policy entirely or customize any of its parameters:

  • Minimum password length
  • Number of lowercase characters required
  • Number of uppercase characters required
  • Number of numeric characters required
  • Number of special characters required
  • Number of recently used passwords to block

In the Authentication view, scroll down to the Email & Password section and click Configure Email & Password to open the password policy settings.

To customize the default password policy:

  1. Click Custom.
  2. Adjust any of the password policy parameters.
  3. Click Save.

Custom password policy

For example, depending on your application’s audience or security requirements, you might increase the Minimum password length to 15 or more, or disable composition rules altogether (setting lowercase, uppercase, and special character requirements to 0). This approach aligns your password policy with modern password manager practices.
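The six parameters above can be read as a single validation routine. The following is an added example, not Auth.it's own code: the `PasswordPolicy` class, the function names, the per-class count of 1, the ASCII punctuation set used for "special", and PBKDF2 storage for password history are all assumptions. Only the minimum length of 10 and the history depth of 3 come from this page.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 10   # default stated on this page
    lowercase: int = 1     # assumed count; the page gives no number
    uppercase: int = 1     # assumed
    numeric: int = 1       # assumed
    special: int = 1       # assumed
    history: int = 3       # default stated on this page

def hash_password(password, salt=None):
    """Return (salt, digest). History keeps these pairs, never plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest

def violations(password, policy, previous=()):
    """List each rule the candidate breaks. previous: newest-first (salt, digest) pairs."""
    counts = {
        "lowercase": sum(c.islower() for c in password),
        "uppercase": sum(c.isupper() for c in password),
        "numeric": sum(c.isdigit() for c in password),
        "special": sum(c in string.punctuation for c in password),
    }
    failed = []
    if len(password) < policy.min_length:
        failed.append("min_length")
    failed += [name for name, n in counts.items() if n < getattr(policy, name)]
    # Each stored entry has its own salt, so the candidate is re-hashed per entry.
    for salt, digest in previous[:policy.history]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            failed.append("history")
            break
    return failed

DEFAULT = PasswordPolicy()
# The customization described above: longer minimum, composition rules set to 0.
PASSPHRASE = PasswordPolicy(min_length=15, lowercase=0, uppercase=0, numeric=0, special=0)
```

Setting a parameter to 0 disables that rule, and `history=0` skips the reuse check entirely.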