Configure password policies

Verify allows for setting password policies for cloud directory users and users authenticating against directories connected via an identity agent.

Any change in the configured policy is enforced next time each user performs a password change. Since Verify passwords are one-way encrypted, there's no way to find existing passwords that don't meet the policy.

Set password policies

Cloud directory users have a local password in Verify. This means we can directly manage the password requirements of these users. To set up a password policy, follow the steps below.

Navigate to Configuration
Select the Password policies tab
Edit the Default password policy

Password strength

This password strength section allows you to set minimum password length. You can also set the minimum characters that need to be alphabetic (a-z) and numeric or special characters (0-9 & symbols). To enable a requirement, check the checkbox and then set the associated value.

Password security

This password security section allows you to configure various security settings for each password. You can set maximum and minimum password age. You can also set the password reuse policy. Additionally, you can set the lock time imposed after repeated failed login attempts.

Enable forgot password

You can enable forgotten password functionality for users authenticating against the Cloud Directory.

To enable forgotten password functionality:

Navigate to Configuration
Select Identity Sources
Select the Cloud Directory source
Check Enable password reset option
Save changes

Once enabled, users will see "Forgot password?" on their login page. Currently, forgot password workflows are handled by users providing a known attribute (email address) and if Verify finds a user, it will send that user a link to reset their password. Multi-factor authentication is not included in this flow to protect user fidelity and to prevent exposure of second factors. This keeps the first factor and second factor completely in tact.