A password policy sets certain standards for passwords. such You can set the password complexity and the rules for changing passwords.
A password policy minimizes the risk of using passwords by ensuring that they meet adequate complexity standards to frustrate brute force attacks. They must be changed frequently enough to mitigate the risk of someone revealing or discovering a password.
- On the top right, navigate to → Manage Users
- Navigate to User Management → Auth Configurations
Click the name of the policy to edit the configuration.
By default, AppBase creates a policy called Tenant Password Policy Configuration
Click the Edit button to set the constraints for the tenant (DB) passwords.
Max Invalid Password Attempts: Sets the number of invalid password or password-answer attempts allowed before the membership user is locked out.
Password Attempt Window: sets the number of minutes in which a maximum number of invalid password or password-answer attempts are allowed before the membership user is locked out.
Min Required Password Length: Sets the minimum length required for a password.
Min Required Non-Alphanumeric Characters: sets the minimum number of special characters that must be present in a valid password.
Password Strength Regular Expression (REGEX): sets the regular expression used to evaluate a password.
- Click Save to commit your change or Cancel to exit without saving.