Set Up and Manage Password Policies

Password Policies provide a way to enforce password characteristics and mitigate password risk for all accounts in an identity store. Learn more about how to set up and manage these policies.

Overview

Password Policies provide a way to enforce password characteristics and mitigate password risk for all accounts in an identity store.

Wherever possible, Fusion's password policies and their settings follow the 2019 NIST 800-63 Password Guidelines. They provide password strength, password guessing avoidance, and protection against common password-based attacks that use breached or stolen credentials, such as password stuffing and password spraying.

A password is subject to the following allowed/disallowed character rules:

  • Can be up to 64 characters long and can contain any uppercase or lowercase Latin or Unicode characters from A to Z

  • Can contain any digits 0 to 9

  • Can contain any of these ASCII characters: # $ % & ' ( ) - . @ ^ _ ` { } ~

The functionality provided by Fusion's password policies can be broken down into three areas:

Password Policy Scope

The scope of a password policy applies to an Identity Store. While you can re-use a password policy, an Identity Store can only have a single password policy.

Password Strength

| Setting | Default Value | Description |
| --- | --- | --- |
| Minimum Length | 8 | Specify the minimum length (in characters) of the password. This cannot be less than 8 characters. |
| Must contain at least one lowercase character (a-z) | Off | If enabled, the password must include at least one lowercase character. |
| Must contain at least one uppercase character (A-Z) | Off | If enabled, the password must include at least one uppercase character. |
| Must contain at least one number (0-9) | Off | If enabled, the password must include at least one number. |
| Must contain at least one special character ($%&'()-.@^_`'{}~) | Off | If enabled, the password must include at least one of these special characters. |

Password Guessing Avoidance

| Setting | Default Value | Description |
| --- | --- | --- |
| Must not contain the customer's first name | On | If enabled, the user cannot use any part of their first name in the password. |
| Must not contain the customer's last name | On | If enabled, the user cannot use any part of their last name in the password. |
| Must not contain any part of the username | On | If enabled, the user cannot use any part of their username in the password. |
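
A pre-check that mirrors the Password Strength and Password Guessing Avoidance settings above, as an added example (not Fusion's own code). The `PasswordPolicy` class, the `violations` function, the rule names and the three-character `min_part` threshold are assumptions; the page does not say how long a fragment must be to count as "any part" of a name.

```python
import string
from dataclasses import dataclass

SPECIALS = set("#$%&'()-.@^_`{}~")  # allowed specials listed in the Overview
MAX_LENGTH = 64  # maximum length stated on this page

@dataclass
class PasswordPolicy:
    # Defaults mirror the two settings tables on this page.
    min_length: int = 8
    require_lower: bool = False
    require_upper: bool = False
    require_digit: bool = False
    require_special: bool = False
    block_first_name: bool = True
    block_last_name: bool = True
    block_username: bool = True
    min_part: int = 3  # assumption: shortest fragment that counts as "any part"

def _shares_part(password, name, n):
    """True if any n-character slice of name occurs in password, ignoring case."""
    pw, name = password.casefold(), name.casefold()
    return any(name[i:i + n] in pw for i in range(len(name) - n + 1))

def violations(policy, password, first_name="", last_name="", username=""):
    """Return the names of the rules the password breaks (empty list = accepted)."""
    if policy.min_length < 8:
        raise ValueError("Minimum Length cannot be less than 8")
    found = []
    if len(password) < policy.min_length:
        found.append("too_short")
    if len(password) > MAX_LENGTH:
        found.append("too_long")
    # Assumption: "Latin or Unicode characters" is read as any Unicode letter.
    if any(not (c.isalpha() or c in string.digits or c in SPECIALS) for c in password):
        found.append("disallowed_character")
    classes = [(policy.require_lower, string.ascii_lowercase, "missing_lowercase"),
               (policy.require_upper, string.ascii_uppercase, "missing_uppercase"),
               (policy.require_digit, string.digits, "missing_digit"),
               (policy.require_special, SPECIALS, "missing_special")]
    found += [rule for on, chars, rule in classes
              if on and not any(c in chars for c in password)]
    names = [(policy.block_first_name, first_name, "contains_first_name"),
             (policy.block_last_name, last_name, "contains_last_name"),
             (policy.block_username, username, "contains_username")]
    found += [rule for on, name, rule in names
              if on and _shares_part(password, name, policy.min_part)]
    return found
```

With the default policy, a constructed password such as `Okafor2024x` for a user named Dana Okafor with username `dokafor` is rejected for both the last-name and username rules, because the match ignores case.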

Password Risk Analysis

Documentation Coming Soon!