For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Dashboard
DocumentationAPI Reference
DocumentationAPI Reference
    • What is Auth.it?
  • Getting Started
    • Quick Start Guide
    • Example Apps
  • Configuration
    • Authentication
      • Social Login
      • Password Policy
      • Multi-Factor Authentication (MFA)
      • Passkeys
      • Magic Links
      • Self-Registration
      • Session Settings
    • Branding
    • Domains
    • Email
    • Roles
  • Entities
    • Organizations
    • Users
  • Developer
    • Audit Logs
    • Webhooks
    • Applications
    • API Keys
  • Resources
    • GitHub
Dashboard
LogoLogo
ConfigurationAuthentication

Password Policy

Was this page helpful?
Previous

Multi-Factor Authentication (MFA)

Next
Built with

When users register an account (instead of signing in through a social login), Auth.it enforces a password policy that defines the required password complexity and format.

By default, Auth.it applies a strong password policy that includes a minimum length of 10 characters, character type requirements, and blocking the 3 most recently used passwords when a user changes their password:

Default password policy

You can disable the password policy entirely or customize any of its parameters:

  • Minimum password length
  • Number of lowercase characters required
  • Number of uppercase characters required
  • Number of numeric characters required
  • Number of special characters required
  • Number of recently used passwords to block

In the Authentication view, scroll down to the Email & Password section and click Configure Email & Password to open the password policy settings.

To customize the default password policy:

  1. Click Custom.
  2. Adjust any of the password policy parameters.
  3. Click Save.

Custom password policy

For example, depending on your application’s audience or security requirements, you might increase the Minimum password length to 15 or more, or disable composition rules altogether (setting lowercase, uppercase, and special character requirements to 0). This approach aligns your password policy with modern password manager practices.