authelia/docs/configuration/password_policy.md

---
layout: default
title: Password Policy
parent: Configuration
nav_order: 17
---

# Password Policy
_Authelia_ allows administrators to configure an enforced password policy.

## Configuration

```yaml
password_policy:
  standard:
    enabled: false 
    min_length: 8
    max_length: 0
    require_uppercase: true
    require_lowercase: true
    require_number: true
    require_special: true
  zxcvbn:
    enabled: false
```

## Options

### standard
<div markdown="1">
type: list
{: .label .label-config .label-purple } 
required: no
{: .label .label-config .label-green }
</div>

This section allows you to enable standard security policies. 
#### enabled 
type: bool
{: .label .label-config .label-purple } 
required: no
{: .label .label-config .label-green }
</div>
Enables standard password policy

#### min_length 
type: integer
{: .label .label-config .label-purple } 
required: no
{: .label .label-config .label-green }
</div>
Determines the minimum allowed password length

#### max_length 
type: integer
{: .label .label-config .label-purple } 
required: no
{: .label .label-config .label-green }
</div>
Determines the maximum allowed password length

#### require_uppercase 
type: bool
{: .label .label-config .label-purple } 
required: no
{: .label .label-config .label-green }
</div>
Indicates that at least one UPPERCASE letter must be provided as part of the password

#### require_lowercase 
type: bool
{: .label .label-config .label-purple } 
required: no
{: .label .label-config .label-green }
</div>
Indicates that at least one lowercase letter must be provided as part of the password

#### require_number 
type: bool
{: .label .label-config .label-purple } 
required: no
{: .label .label-config .label-green }
</div>
Indicates that at least one number must be provided as part of the password

#### require_special 
type: bool
{: .label .label-config .label-purple } 
required: no
{: .label .label-config .label-green }
</div>
Indicates that at least one special character must be provided as part of the password


### zxcvbn
This password policy enables advanced password strengh metering, using [Dropbox zxcvbn package](https://github.com/dropbox/zxcvbn).

Note that this password policy do not restrict the user's entry, just warns the user that if their password is too weak


#### enabled 
type: bool
{: .label .label-config .label-purple } 
required: no
{: .label .label-config .label-green }
</div>
Enables standard password policy

Note:
* only one password policy can be applied at a time
feat(authentication): password policy (#2723) Implement a password policy with visual feedback in the web portal. Co-authored-by: Manuel Nuñez <@mind-ar> Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> 2022-04-02 22:32:57 +00:00			`---`
			`layout: default`
			`title: Password Policy`
			`parent: Configuration`
			`nav_order: 17`
			`---`

			`# Password Policy`
			`_Authelia_ allows administrators to configure an enforced password policy.`

			`## Configuration`

			```yaml
			`password_policy:`
			`standard:`
			`enabled: false`
			`min_length: 8`
			`max_length: 0`
			`require_uppercase: true`
			`require_lowercase: true`
			`require_number: true`
			`require_special: true`
			`zxcvbn:`
			`enabled: false`
			```

			`## Options`

			`### standard`
			`<div markdown="1">`
			`type: list`
			`{: .label .label-config .label-purple }`
			`required: no`
			`{: .label .label-config .label-green }`
			`</div>`

			`This section allows you to enable standard security policies.`
			`#### enabled`
			`type: bool`
			`{: .label .label-config .label-purple }`
			`required: no`
			`{: .label .label-config .label-green }`
			`</div>`
			`Enables standard password policy`

			`#### min_length`
			`type: integer`
			`{: .label .label-config .label-purple }`
			`required: no`
			`{: .label .label-config .label-green }`
			`</div>`
			`Determines the minimum allowed password length`

			`#### max_length`
			`type: integer`
			`{: .label .label-config .label-purple }`
			`required: no`
			`{: .label .label-config .label-green }`
			`</div>`
			`Determines the maximum allowed password length`

			`#### require_uppercase`
			`type: bool`
			`{: .label .label-config .label-purple }`
			`required: no`
			`{: .label .label-config .label-green }`
			`</div>`
			`Indicates that at least one UPPERCASE letter must be provided as part of the password`

			`#### require_lowercase`
			`type: bool`
			`{: .label .label-config .label-purple }`
			`required: no`
			`{: .label .label-config .label-green }`
			`</div>`
			`Indicates that at least one lowercase letter must be provided as part of the password`

			`#### require_number`
			`type: bool`
			`{: .label .label-config .label-purple }`
			`required: no`
			`{: .label .label-config .label-green }`
			`</div>`
			`Indicates that at least one number must be provided as part of the password`

			`#### require_special`
			`type: bool`
			`{: .label .label-config .label-purple }`
			`required: no`
			`{: .label .label-config .label-green }`
			`</div>`
			`Indicates that at least one special character must be provided as part of the password`


			`### zxcvbn`
			`This password policy enables advanced password strengh metering, using [Dropbox zxcvbn package](https://github.com/dropbox/zxcvbn).`

			`Note that this password policy do not restrict the user's entry, just warns the user that if their password is too weak`


			`#### enabled`
			`type: bool`
			`{: .label .label-config .label-purple }`
			`required: no`
			`{: .label .label-config .label-green }`
			`</div>`
			`Enables standard password policy`

			`Note:`
			`* only one password policy can be applied at a time`