Fluent Commerce Logo
Docs
Sign In

Password Policies

Essential knowledge

Author:

Fluent Commerce

Changed on:

24 Jan 2024

Overview

A password policy dictates the strength and complexity requirements for a password or passphrase.

Fluent IdP supports the following types of password policies:

  • Basic: The basic policy is a more relaxed standard that allows maximum customer flexibility. The basic policy can be less secure because users are not required to change their passwords.
  • Passphrase: The passphrase policy encourages users to use a passphrase instead of a password for stronger authentication. A passphrase can be easier to remember and more secure because of its length.
  • Standard: The standard password policy incorporates industry best practices for a typical password policy. By default, a basic password policy with all requirements and rules cleared is set for each Client Account on the Fluent IdP side.


Key points

  • Password Requirements include checks for uniqueness, complexity, and length, with restrictions on repeated characters and reliance on the Gibson Research Corporation Password Haystacks concept.
  • Password Policy Rules encompass maintaining a history of prior passwords, setting expiration intervals, and defining the frequency at which passwords can be changed.
  • Account lockout rules dictate the number of allowed failed attempts before an account is locked, with automatic unlocking after a specified duration.

Password Policy Details

Password Policy has many configurations to offer. By default, all settings are not enabled. Configure policy according to your company's needs.

Password Requirements:

  • The password should not match strings that appear in the user's identity data
  • The password should not be too similar to the user's current password
  • The password will be checked against a list of most commonly-used passwords
  • The password must have a complexity of at least 7 days, based on the Gibson Research Corporation Password Haystacks concept
  • The password cannot have more than 2 repeated characters
  • The password must have a minimum of 5 unique characters
  • The password must be between 8 and 255 characters
  • The password must have at least 1 of the following characters: ~!@#$%^&*()-_=+[]{}|;:,.<>/?
  • The password must have at least 1 of the following characters: 0123456789
  • The password must have at least 1 of the following characters: 0123456789
  • The password must have at least 1 of the following characters: ABCDEFGHIJKLMNOPQRSTUVWXYZ
  • The password must have at least 1 of the following characters: abcdefghijklmnopqrstuvwxyz

Password Policy Rules:

  • X prior passwords will be maintained in the password history count for a maximum of X days
  • The password will expire every X days
  • Passwords can be changed after X days

Account lockout rules:

  • The user's account will be locked out after X attempts
  • Automatically unlock accounts that were locked by failed password attempts after XX seconds
Fluent Commerce

Fluent Commerce

Copyright © 2024 Fluent Retail Pty Ltd (trading as Fluent Commerce). All rights reserved. No materials on this docs.fluentcommerce.com site may be used in any way and/or for any purpose without prior written authorisation from Fluent Commerce. Current customers and partners shall use these materials strictly in accordance with the terms and conditions of their written agreements with Fluent Commerce or its affiliates.

Fluent Logo