Create A Secure Password Policy For Your Organization with Asgardeo

Chanika Ruchini
Identity Beyond Borders
4 min read · Apr 2, 2023

A strong password policy is any organization’s first line of defense against intruders. Having a strong password policy is crucial for safeguarding sensitive information, maintaining regulatory compliance, and protecting against cyber attacks, making it an essential aspect of modern-day cybersecurity.

Please check my previous article, “The Importance of Implementing a Strong Password Policy”, to get an idea of the importance of implementing password policies.

Asgardeo gives organization owners a way to secure user accounts against password attacks by defining the following password policies.

  • Password Expiry
  • Password History
  • Password Input Validation

Steps to configure password policies of your organization

  1. Navigate to https://console.asgardeo.io
  2. Log in to your organization (you can create a new account if you are new to Asgardeo).
  3. Navigate to the Manage section.
  4. Click Account Security -> Password Validation.

You will then see the following page, where you can configure password policies to strengthen user passwords using the given features. You can configure any or all of the policies as you see fit.

Password Expiration

Asgardeo supports configuring a password expiry policy to prompt users to change their password after a defined time period.

Note: When this feature is enabled, all users in the organization will be prompted to reset their password at their next login, and thereafter prompted to reset it again whenever their password expires.

To enable this feature, tick the check box that says “Password expires in n days.” You can specify the number of days in the text box.

Now, if your password has already expired and you try to log in to My Account or a business application, you will be redirected to reset your password.

Password History

The password history count validation feature lets you specify how many new unique passwords a user must set before an old password can be reused. For example, if you set the password history count to 5, a user can reuse their current password only after setting 5 new unique passwords.

To enable this feature, tick the check box that says “Must be different from the last n passwords.” You can specify the password history count in the text box.

Now, if you try to reuse an old password, you will get an error message like the one below.

Password Input Validation

By default, a password must have a minimum length of 8 characters and include at least one number, one upper-case letter, one lower-case letter, and one non-alphanumeric character.

The following are the supported criteria:

  • Number of characters: You can set the minimum and maximum length of the password users should use.
  • Mandatory characters: By default, a user password must contain at least one of each of the following character types.

— Numbers (0–9)

— Upper-case characters (A-Z)

— Lower-case characters (a-z)

— Special characters (!@#$%^&*)

  • Unique characters: This is an optional validation that enforces a minimum number of distinct characters in the password.
  • Repeated characters: This is an optional validation that restricts the maximum number of repeated characters that can be added.
    If this is enabled and set to 2, then passwords cannot have more than 2 repeated characters.
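To make the four rule types concrete, here is a small Python validator added as an illustration; it is not Asgardeo's own code, and its class and function names are made up for this example. The "repeated characters" rule is interpreted here as a limit on consecutive identical characters, which is an assumption about the page's wording.

```python
from typing import List, Optional
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    """Hypothetical mirror of the settings on the Password Validation page."""
    min_length: int = 8
    max_length: int = 30
    require_number: bool = True
    require_upper: bool = True
    require_lower: bool = True
    require_special: bool = True
    special_chars: str = "!@#$%^&*"
    min_unique: Optional[int] = None    # optional: minimum distinct characters
    max_repeated: Optional[int] = None  # optional: max consecutive repeats (assumption)


def longest_run(s: str) -> int:
    """Length of the longest run of the same character appearing consecutively."""
    best = run = 0
    prev = None
    for c in s:
        run = run + 1 if c == prev else 1
        best = max(best, run)
        prev = c
    return best


def validate_password(pw: str, policy: PasswordPolicy) -> List[str]:
    """Return the list of violated rules; an empty list means the password passes."""
    errors = []
    if len(pw) < policy.min_length:
        errors.append(f"must be at least {policy.min_length} characters")
    if len(pw) > policy.max_length:
        errors.append(f"must be at most {policy.max_length} characters")
    # Character classes are checked against the explicit ASCII ranges the page lists.
    if policy.require_number and not any(c in "0123456789" for c in pw):
        errors.append("must contain a number (0-9)")
    if policy.require_upper and not any("A" <= c <= "Z" for c in pw):
        errors.append("must contain an upper-case letter (A-Z)")
    if policy.require_lower and not any("a" <= c <= "z" for c in pw):
        errors.append("must contain a lower-case letter (a-z)")
    if policy.require_special and not any(c in policy.special_chars for c in pw):
        errors.append(f"must contain a special character ({policy.special_chars})")
    if policy.min_unique is not None and len(set(pw)) < policy.min_unique:
        errors.append(f"must contain at least {policy.min_unique} distinct characters")
    if policy.max_repeated is not None and longest_run(pw) > policy.max_repeated:
        errors.append(f"must not repeat a character more than {policy.max_repeated} times in a row")
    return errors
```

Calling `validate_password("Paaassw0rd!", PasswordPolicy(max_repeated=2))` reports the "aaa" run, while the same password with `max_repeated` left unset passes.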

To test how this validation works, follow the steps below.

  1. Navigate to Manage -> Users.
  2. Click Add User.
  3. Provide the username and other required attributes.
  4. Click Set Password.

You can then either generate a password or type one manually. The password is validated as you type, and the result is displayed to the user.

You can also try out other flows, such as self-registration and the password reset flow from My Account, to see the same validation applied.

We are done! Now you know how to configure password policies in Asgardeo to protect your users from password attacks by defining password validation rules.

Try out Asgardeo more and see how awesome it is 😎

Thanks for reading!
