Set Strong Password Policy

The Password Policy feature lets you strengthen authentication security by defining the rules that consumer passwords must meet. This guide explains how to set a Password Policy using the predefined strength scales or your own custom rules.

Access Password Policy Section

  1. Log in to your LoginRadius Dashboard account.
  2. Select your app, then from the left navigation panel, click Security and then navigate to the Password Policy section.
  3. Click the down arrow to open the Password Policy screen.

LoginRadius allows you to set up password strength from Weak to Very Strong with a set of predefined rules explained below, or you can set Custom Rules for the password.

Choose Password Policy

LoginRadius provides the following predefined rule sets, any one of which you can apply for your consumers. If desired, you can instead configure custom password rules as per your business requirements:

  1. Weak: Allows your consumers to set passwords from min length 6 to max length 20 with alphanumeric characters.
  2. Medium: Allows your consumers to set passwords from min length 6 to max length 20 with at least 1 uppercase character, 1 special character, and 1 digit required. Commonly used passwords cannot be set as passwords.
  3. Strong: Allows your consumers to set passwords from min length 6 to max length 20 with at least 1 uppercase character, 1 special character, and 1 digit required. Commonly used passwords, dictionary words, and profile words cannot be set as passwords. Also, consumers cannot reuse any of their last 3 passwords.
  4. Very Strong: Allows your consumers to set passwords from min length 6 to max length 20 with at least 1 uppercase character, 1 special character, and 1 digit required. Commonly used passwords, dictionary words, and profile words cannot be set as passwords. Also, consumers cannot reuse any of their last 3 passwords and must change their password each month.
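The Medium, Strong and Very Strong presets above can be mirrored in a local check, for example to test sign-up forms or migrated credentials against the policy before they reach LoginRadius. This is an added example, not LoginRadius code: the word lists are constructed stand-ins, substring matching for dictionary and profile words is an assumption, and "each month" is modelled as 30 days.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

# Presets transcribed from the list above; "each month" is modelled as 30 days (assumption).
PRESETS = {
    "Medium":      dict(common=True, dictionary=False, profile=False, history=0, max_age_days=None),
    "Strong":      dict(common=True, dictionary=True,  profile=True,  history=3, max_age_days=None),
    "Very Strong": dict(common=True, dictionary=True,  profile=True,  history=3, max_age_days=30),
}
# Constructed stand-ins for the lists LoginRadius maintains server-side.
COMMON = {"password1!", "qwerty123!", "welcome1!"}
DICTIONARY = {"sunshine", "dragon", "monkey"}

def hash_password(password, salt=None):
    """Return a salted PBKDF2 record (salt, digest) for the history store."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def violations(password, preset, profile=(), history=()):
    """Return the names of the rules a candidate password breaks under a preset."""
    p, low, out = PRESETS[preset], password.lower(), []
    if not 6 <= len(password) <= 20:
        out.append("length")
    if not any(c.isupper() for c in password):
        out.append("uppercase")
    if not any(c.isdigit() for c in password):
        out.append("digit")
    if not any(not c.isalnum() for c in password):  # any non-alphanumeric counts as special
        out.append("special")
    if p["common"] and low in COMMON:
        out.append("common")
    # Assumption: case-insensitive substring match for dictionary and profile words.
    if p["dictionary"] and any(w in low for w in DICTIONARY):
        out.append("dictionary")
    if p["profile"] and any(len(v) >= 3 and v.lower() in low for v in profile):
        out.append("profile")
    # history holds (salt, digest) records, oldest first; only the last N are checked.
    recent = list(history)[-p["history"]:] if p["history"] else []
    if any(hmac.compare_digest(hash_password(password, s)[1], d) for s, d in recent):
        out.append("history")
    return out

def is_expired(preset, last_changed, now):
    """True when the preset sets a maximum password age and it has been exceeded."""
    days = PRESETS[preset]["max_age_days"]
    return days is not None and now - last_changed > timedelta(days=days)
```

The history store keeps salted PBKDF2 digests rather than the old passwords themselves, so the reuse check re-derives the candidate with each stored salt.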

Set Custom Password Policy

To set up a custom password policy ruleset, click anywhere on the Custom scale to open the Custom Password Policy screen.

Enter or select the following details:

  1. Password Validation: Password Validation allows you to set the length (6 to 32) and type of the password (alphabet, alphanumeric, or Most used combination).

     Note: A Most used combination contains at least 1 uppercase character, 1 special character, and one number.

  2. Common Password Protection: Common Password Protection enables you to prevent consumers from using common passwords. The list of common passwords is maintained by LoginRadius and is updated regularly.
  3. Profile Password Prevention: Profile Password Prevention enables you to prevent your consumers from using their profile data as the account password. For example, the values of consumer profile fields like username, email ID, first name, etc. cannot be used as an account password.
  4. Dictionary Password Prevention: Dictionary Password Prevention enables you to prevent your consumers from setting dictionary words as passwords. LoginRadius uses a dynamic Password Dictionary to block dictionary passwords.
  5. Password History: You can configure the number of unique passwords a consumer must set before reusing an old password. This enhances security by ensuring that old passwords are not reused frequently.
  6. Password Expiration: You can set the password expiry configuration to request an updated password from your consumers periodically. This feature allows you to customize how often your consumers must reset their passwords.
