Password Policy Settings
A password policy defines the password strength rules that are used to determine whether a new password is valid. A password strength rule defines how a password must be set and the guidelines it must conform to. For example, password strength rules might specify that the minimum number of characters of a password must be 5.
cidaas lets the admin user apply these rules under the Password Policy settings to encourage users to set strong passwords that are difficult to crack and use them appropriately.

Developer Perspective
A password policy takes effect at the moment a new password is set.
Once a policy is configured, it must be enforced wherever a password is set, e.g. during registration or password reset, so that all users have a strong password.
So that the hosted pages can read the password policy and render it dynamically, the public endpoint returns the required password policy:
| API | Description | Link |
|---|---|---|
| GET Public Information | This API will provide you with information that helps to dynamically render the hosted pages e.g. using colors, allowed login identifiers, as well as the password policy | Link to the API |
Administrative Perspective
Create Password Policy
To define how passwords should be set by your app users, you need to create a password policy as an admin.
The Create Password Policy option lets you set the values for the following parameters:
- Policy Name: This mandatory field helps identify the password policy.
- Deny Usage Count: Specifies how many times a user is prohibited from reusing a previous password. Setting this to 0 means there is no restriction on password reuse.
- Expiration in Days: Determines the number of days after which a password expires. Setting this to 0 disables password expiration.
- Notify User (in days): Sets the number of days before password expiration when the user is notified. A value of 0 disables notifications.
- Block Compromised: When enabled, prevents users from setting passwords that are known to have been compromised in security breaches.
- Minimum Character Count: This optional field defines the minimum number of characters a password must have when it is set.
- Maximum Character Count: This optional field defines the maximum number of characters a password can have when it is set.
- Digit Count: This optional field defines the number of digits a password string must have when it is set. The admin user can adjust the slider to set the digit count.
- Special Characters Count: This optional field defines the number of special characters a password string can have when it is set. The admin user can adjust the slider to set the special character count.
- Lower and UpperCase: This optional field defines whether the password will have both upper-case and lower-case letters.
- Regex: cidaas uses regular expressions (regex), a pattern-matching tool used in programming and text processing, to ensure passwords meet specific security requirements. These requirements can include rules like minimum/maximum length, inclusion of uppercase letters, lowercase letters, digits, special characters, and prohibiting certain patterns.
To create a password policy, follow these steps:
- Go to Settings > Password policy.
- Click Create Password Policy.
- Enter the preferred values.
- Click Save.
- A success confirmation message is displayed and the password policy gets added to the Password Policy list.
Setting Password Policies based on Strength
cidaas provides system-defined password policy settings that can be customized by the admin user to meet a specific policy strength requirement.
You can change the password parameter values from their default values to increase the strength of the password policy.
The password policy strength is based on the following system-defined criteria:
Default
The password policy strength is set to "default", if the following conditions are met:
- Minimum Character Count is set to 5.
- Maximum Character Count is set to 10.
- Digit Count is set to 0.
- Special Characters Count is set to 0.
- Lower and UpperCase is disabled.
Low
The password policy strength is set to "low", if the following conditions are met:
- Minimum Character Count is set to 6.
- Maximum Character Count is set to 15.
- Digit Count is set to 0.
- Special Characters Count is set to 0.
- Lower and UpperCase is disabled.
Fair
The password policy strength is set to "fair", if the following conditions are met:
- Minimum Character Count is set to 8.
- Maximum Character Count is set to 15.
- Digit Count is set to 1.
- Special Characters Count is set to 0.
- Lower and UpperCase is enabled.
Good
The password policy strength is set to "good", if the following conditions are met:
- Minimum Character Count is set to 8.
- Maximum Character Count is set to 20.
- Digit Count is set to 1.
- Special Characters Count is set to 1.
- Lower and UpperCase is enabled.
Excellent
The password policy strength is set to "excellent", if the following conditions are met:
- Minimum Character Count is set to 10.
- Maximum Character Count is set to 25.
- Digit Count is set to 2.
- Special Characters Count is set to 2.
- Lower and UpperCase is enabled.
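The following added example (not cidaas code) shows how a registration or password-reset form could evaluate a candidate password against a policy once it has been fetched, and how a policy maps to the strength levels listed above. The field names (`minLen`, `maxLen`, `digits`, `specials`, `mixedCase`) are hypothetical stand-ins for whatever the public information response actually returns; it also assumes the digit and special-character counts are minimums and that a "special" character is anything that is neither a letter nor a digit.

```javascript
// System-defined strength presets, values as listed on this page.
// Field names are hypothetical; map them from the real API response.
const PRESETS = {
  default:   { minLen: 5,  maxLen: 10, digits: 0, specials: 0, mixedCase: false },
  low:       { minLen: 6,  maxLen: 15, digits: 0, specials: 0, mixedCase: false },
  fair:      { minLen: 8,  maxLen: 15, digits: 1, specials: 0, mixedCase: true },
  good:      { minLen: 8,  maxLen: 20, digits: 1, specials: 1, mixedCase: true },
  excellent: { minLen: 10, maxLen: 25, digits: 2, specials: 2, mixedCase: true },
};

// Count the characters in `chars` that match a Unicode-aware pattern.
function count(chars, re) {
  return chars.filter((c) => re.test(c)).length;
}

// Return the names of the rules the password violates (empty = acceptable).
function checkPassword(policy, password) {
  const chars = Array.from(password); // code points, not UTF-16 units
  const digits = count(chars, /\p{Nd}/u);
  const letters = count(chars, /\p{L}/u);
  // Assumption: "special" = neither a letter nor a digit (spaces included).
  const specials = chars.length - digits - letters;
  const failed = [];
  if (chars.length < policy.minLen) failed.push("minLen");
  if (chars.length > policy.maxLen) failed.push("maxLen");
  // Assumption: both counts are treated as required minimums.
  if (digits < policy.digits) failed.push("digits");
  if (specials < policy.specials) failed.push("specials");
  if (policy.mixedCase &&
      !(count(chars, /\p{Lu}/u) > 0 && count(chars, /\p{Ll}/u) > 0)) {
    failed.push("mixedCase");
  }
  return failed;
}

// Name the preset whose values exactly match a policy, or "custom".
function strengthOf(policy) {
  const keys = Object.keys(PRESETS.default);
  const hit = Object.entries(PRESETS)
    .find(([, preset]) => keys.every((k) => preset[k] === policy[k]));
  return hit ? hit[0] : "custom";
}
```

A check like this only drives the form's feedback; the policy still has to be enforced on the server when the password is set. Deny Usage Count and Block Compromised depend on server-side state and are not covered here.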
Edit or delete the password policy
- Go to Settings > Password policy.
- Search for the password policy or click its edit icon.
- Make the required changes and click Save.
- Click on the delete icon to remove the password policy.