Password Policy
Step By Step Process
The variables PASSWORD_COMPLEXITY and MIN_PASSWORD_LENGTH can be added to the auth-service configuration (.env). This is either the ./<service_name>/configs/.env.<service_name>.<GUARDIAN_ENV> file or, if you’re using Building from Pre-build containers (https://docs.hedera.com/guardian/guardian/readme/getting-started/installation/building-from-pre-build-containers), the corresponding file used for the auth-service.

Note: These variables are not mandatory. If they’re not present, default values will be used.
Variables:
MIN_PASSWORD_LENGTH sets the required minimum password length. If it’s not specified, a default value of 8 will be used. The minimum allowable value for this variable is 1.
PASSWORD_COMPLEXITY sets the password complexity level. If PASSWORD_COMPLEXITY isn’t set, medium will be used by default. Available values are:
easy: no rules
medium: at least one uppercase letter, one lowercase letter, and one number
hard: at least one uppercase letter, one lowercase letter, one number, and one special character
Note:
Existing users whose passwords don’t comply with the new password policy will see a notification asking them to change their password each time they log in.

Note:
When changing a password or creating a new user, if the password doesn’t meet the policy requirements, the backend will return a 422 error and the frontend will display a notification stating that the password does not comply with the password policy.
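
The rules above, written out as an added example (not Guardian's own code): it loads the two variables with the documented defaults and reports what a candidate password is missing under each level. The function names, the ASCII character classes, the definition of "special character" as any non-alphanumeric character, and raising values below 1 up to 1 are assumptions.

```javascript
// Added example, not Guardian's own code. Assumptions: ASCII character classes;
// "special character" means anything that is not an ASCII letter or digit;
// unset or unrecognized values fall back to the documented defaults.
const DEFAULT_MIN_LENGTH = 8;
const DEFAULT_COMPLEXITY = 'medium';
const MEDIUM = [[/[A-Z]/, 'uppercase letter'], [/[a-z]/, 'lowercase letter'], [/[0-9]/, 'number']];
const RULES = { easy: [], medium: MEDIUM, hard: [...MEDIUM, [/[^A-Za-z0-9]/, 'special character']] };

// Build the effective policy from an env-like object.
function loadPolicy(env) {
  const parsed = Number.parseInt(env.MIN_PASSWORD_LENGTH, 10);
  // Default is 8; the minimum allowable value is 1 (lower values are raised to 1 here).
  const minLength = Number.isNaN(parsed) ? DEFAULT_MIN_LENGTH : Math.max(1, parsed);
  const level = String(env.PASSWORD_COMPLEXITY || '').toLowerCase();
  const known = Object.prototype.hasOwnProperty.call(RULES, level);
  return { minLength, complexity: known ? level : DEFAULT_COMPLEXITY };
}

// Check one candidate password and list every requirement it fails.
function checkPassword(password, policy) {
  const missing = [];
  // Count code points so a multi-unit character is not counted twice.
  if ([...password].length < policy.minLength) {
    missing.push(`at least ${policy.minLength} characters`);
  }
  for (const [pattern, label] of RULES[policy.complexity]) {
    if (!pattern.test(password)) missing.push(`one ${label}`);
  }
  const ok = missing.length === 0;
  // 422 is the status the backend returns when a password violates the policy.
  return { ok, status: ok ? null : 422, missing };
}

// Constructed sample passwords, checked under the defaults and a tightened policy.
function demo() {
  const before = loadPolicy({});
  const after = loadPolicy({ MIN_PASSWORD_LENGTH: '12', PASSWORD_COMPLEXITY: 'hard' });
  return ['password', 'Summer2024', 'Correct-Horse-42'].map((pw) => ({
    pw,
    okBefore: checkPassword(pw, before).ok,
    after: checkPassword(pw, after),
  }));
}

console.log(JSON.stringify(demo(), null, 2));
```

A password that passes under the defaults but fails after the policy is tightened corresponds to the existing-user case described above, where the user is asked to change their password at login.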
