Configure password policies

Verify allows for setting password policies for cloud directory users and users authenticating against directories connected via an identity agent.

Any change in the configured policy is enforced next time each user performs a password change. Since Verify passwords are one-way encrypted, there's no way to find existing passwords that don't meet the policy.

Set password policies

Cloud directory users have a local password in Verify. This means we can directly manage the password requirements of these users. To set up a password policy, follow the steps below.

  1. Navigate to Configuration
  2. Select the Password policies tab
  3. Edit the Default password policy

Password strength

1110

This password strength section allows you to set minimum password length. You can also set the minimum characters that need to be alphabetic (a-z) and numeric or special characters (0-9 & symbols). To enable a requirement, check the checkbox and then set the associated value.

Password security

1156

This password security section allows you to configure various security settings for each password. You can set maximum and minimum password age. You can also set the password reuse policy. Additionally, you can set the lock time imposed after repeated failed login attempts.

Enable forgot password

You can enable forgotten password functionality for users authenticating against the Cloud Directory.

1030

To enable forgotten password functionality:

  1. Navigate to Configuration
  2. Select Identity Sources
  3. Select the Cloud Directory source
  4. Check Enable password reset option
  5. Save changes

Once enabled, users will see "Forgot password?" on their login page. Currently, forgot password workflows are handled by users providing a known attribute (email address) and if Verify finds a user, it will send that user a link to reset their password. Multi-factor authentication is not included in this flow to protect user fidelity and to prevent exposure of second factors. This keeps the first factor and second factor completely in tact.