Default password policy

Learn more about Strivacity's default password policy and how it can mitigate common risks to passwords.

Strivacity comes pre-configured with a default password policy that is aligned to the 2019 NIST 800-63 Password Guidelines.

The Default Password Policy is assigned automatically on a per-Identity Store basis, and it is applied to the Default Identity Store from the moment that you start using the product. You don't need to do anything to ensure that some password best practices are enforced for your customer accounts.

Default password policy settings

The default password policy is assigned automatically on a per-Identity Store basis, and it is assigned to the default-identity-store from the moment you start using the Admin Console.

Here's our out-of-the-box password policy configuration:

| Setting | Default Value | Description |
|---|---|---|
| Breached password analysis | Enabled | Prevents customers from using passwords that previously appeared in known data breaches. Customers can continue only if they've provided a password that hasn't been part of a past data leak. Read more about how breached password analysis works. |
| Password Strength | Disabled | According to NIST's 2019 Password Guidelines, commonly used password complexity requirements are less effective in reaching the ideal security level, so they're switched off* in our default password policy. |
| Password Guessing Avoidance | | These settings reduce the risk of attackers guessing passwords from customer-identifying information. See: Examples explaining password guessing avoidance. |
| Must not contain First name | Enabled | Prevents customers from using all or part of the 'First name' that's added to their profile information. |
| Must not contain Last name | Enabled | Prevents customers from using all or part of the 'Last name' that's added to their profile information. |
| Must not contain any part of the Username | Enabled | If the identity store requires this identifier, the customer is prevented from using all or part of their 'Username'. |

*While the 2019 NIST 800-63 Password Guidelines do not recommend any password complexity requirements, please note that password policies do support password complexity and more advanced password options. You can view Password Policies for more information.
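
The password guessing avoidance settings in the table above can be illustrated with a small check. This is an added example, not Strivacity's implementation: the three-character minimum fragment length, the case and accent normalization, and the names `shared_fragment` and `check_guessing_avoidance` are assumptions, and the profile is constructed sample data.

```python
import unicodedata

MIN_FRAGMENT = 3  # assumption: shortest attribute fragment that counts as a match

# Constructed sample profile, for illustration only.
SAMPLE_PROFILE = {"first_name": "Zoë", "last_name": "Hartmann",
                  "username": "zhartmann82"}


def _norm(text):
    """Case-fold and strip accents so 'Zoë' and 'zoe' compare equal."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed
                   if not unicodedata.combining(c)).casefold()


def shared_fragment(password, attribute, min_len=MIN_FRAGMENT):
    """Return the longest piece of `attribute` (>= min_len chars) that
    appears in `password`, or None when there is no such overlap."""
    pw, attr = _norm(password), _norm(attribute)
    # Longest fragments first, so the most telling overlap is reported.
    # Attributes shorter than min_len never match: a two-letter name
    # such as "Al" would otherwise reject a large share of passwords.
    for size in range(len(attr), min_len - 1, -1):
        for start in range(len(attr) - size + 1):
            fragment = attr[start:start + size]
            if fragment in pw:
                return fragment
    return None


def check_guessing_avoidance(password, profile, min_len=MIN_FRAGMENT):
    """Map each violated profile field to the fragment that triggered it."""
    violations = {}
    for field in ("first_name", "last_name", "username"):
        value = profile.get(field)
        if not value:  # the username is only present if the store requires it
            continue
        fragment = shared_fragment(password, value, min_len)
        if fragment:
            violations[field] = fragment
    return violations


if __name__ == "__main__":
    for candidate in ("Summer-ZOE-2024", "myhartm4nn!",
                      "correct horse battery staple"):
        print(candidate, "->", check_guessing_avoidance(candidate, SAMPLE_PROFILE))
```

Lowering `min_len` catches shorter fragments at the cost of rejecting more unrelated passwords, which is the trade-off to weigh when tuning partial-match rules.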