Default password policy
Learn more about Strivacity's default password policy and how it can mitigate common risks to passwords.
Strivacity comes pre-configured with a default password policy that is aligned to the 2019 NIST 800-63 Password Guidelines.
The Default Password Policy is assigned automatically on a per-Identity Store basis, and it applies to the Default Identity Store from the moment that you start using the product. There is nothing that you need to do to ensure some password best practices are enforced for your customer accounts.

Default password policy settings
The default password policy is automatically assigned on a per-Identity Store basis and is automatically assigned to the default-identity-store from the moment you start using the Admin Console.
Here's our out-of-the-box password policy configuration:
Setting | Default Value | Description |
---|---|---|
Breached password analysis | Enabled | Prevents customers from using passwords that previously appeared in known data breaches. |
Password Strength | Disabled | According to NIST's 2019 Password Guidelines, commonly used password complexity requirements are less effective in reaching the ideal security level, so they're switched off* in our default password policy. |
Password Guessing Avoidance | | These settings reduce the attack surface available to attackers who leverage customer-identifying information. |
Must not contain First name | Enabled | Prevents customers from using all or part of the 'First name' stored in their profile information. |
Must not contain Last name | Enabled | Prevents customers from using all or part of the 'Last name' stored in their profile information. |
Must not contain any part of the Username | Enabled | If the identity store requires this identifier, the customer is prevented from using all or part of their 'Username'. |
*While the 2019 NIST 800-63 Password Guidelines do not recommend any password complexity requirements, please note that password policies do support password complexity and more advanced password options. You can view Password Policies for more information.
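The following added example (not Strivacity's code or API) sketches how the checks in the table above combine: a breach lookup, no complexity rules, and rejection of passwords that contain part of a profile attribute. The 3-character minimum fragment length, the function names and the sample breach list are assumptions made for illustration; the page does not state how partial matches are determined.

```python
import hashlib

# Assumption: the shortest profile fragment that counts as a match.
# Names shorter than this are skipped so that "Al" or "Ng" does not
# block most passwords. The page gives no threshold.
MIN_FRAGMENT = 3

# Constructed sample standing in for a breach corpus, stored as SHA-1
# digests so the lookup never compares plaintext passwords.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("password123", "qwerty2019", "letmein!")
}


def contains_fragment(password, value, min_len=MIN_FRAGMENT):
    """True if any min_len-character window of value occurs in password.

    Checking the shortest windows is enough: a longer shared fragment
    always contains a shared window of min_len characters.
    """
    pw, v = password.casefold(), value.casefold()
    return any(v[i:i + min_len] in pw for i in range(len(v) - min_len + 1))


def check_password(password, first_name, last_name, username=None):
    """Return the list of violated rules; an empty list means accepted."""
    violations = []
    if hashlib.sha1(password.encode()).hexdigest() in BREACHED_SHA1:
        violations.append("breached")
    profile = {"first_name": first_name, "last_name": last_name}
    if username:  # only checked when the identity store uses a username
        profile["username"] = username
    for field, value in profile.items():
        if contains_fragment(password, value):
            violations.append(field)
    # No composition rules (upper/lower/digit/symbol) are applied,
    # matching the "Password Strength: Disabled" default.
    return violations


if __name__ == "__main__":
    print(check_password("Summer-GONZA-77", "Maria", "Gonzalez"))
```

Matching is case-insensitive, so `GONZA` is caught against the last name `Gonzalez`, while a long all-lowercase passphrase passes because no complexity requirement is enforced.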