Back to Home Page
View SDKs on Github
View APIs in Postman
System Status
Strivacity Fusion: Cape Town Release
SUPPORT INFORMATION
Raising a Support Case
Security Vulnerability Response
Reporting a Security Issue
Our Service Level Commitment
Getting Started
Overview
Product Components
Pre-Configured Best Practices
Using the Dashboard
Overview
APIs
Using the REST APIs
Postman API Directory
Adaptive APIs
Administrative APIs
Anonymous Visitor and Consent APIs
Authentication APIs
Customer Lifecycle APIs
Customer Self-Service APIs
Setup and Manage
Adaptive Multi-factor Authentication
Claim Management
Consent Management
Enterprise Login
Identity Stores
Integrate Your Applications
Lifecycle Event Hooks
Notification Policies
Password Polices
Creating a Password Policy
Editing a Password Policy
Deleting a Password Policy
Self-Service
Social Login
Rebranding and Customization
Using Your Own Logo and Color Scheme
Customizing Email Templates
Customizing SMS Templates
Rebranding the Admin Console
Managing Accounts and Groups
Overview
Creating an Account
Editing an Account
Delete an Account
Enable/Disable an Account
Creating a Group
Deleting a Group
Managing Group Membership
Configuration
General
Admin Adaptive MFA
Admin Branding
Admin Notifications
Admin Users
REST API Access Policies
Integrations
Microsoft Azure AD (B2E)
ID DataWeb - Attribute Exchange Network (AXN)
ServiceNow
WorkRamp Learning Management System
Zendesk
Architecture and Deployment
Rate Limiting
Regional Availability
Powered by GitBook

Password Polices

Password Policies provide a way to enforce password characteristics and mitigate password risk for all accounts in an identity store. Learn more about how to setup and manage these policies.

Overview

Password Policies provide a way to enforce password characteristics and mitigate password risk for all accounts in an identity store.

Fusion's password policies and the settings provided also follow the 2019 NIST 800-63 Password Guidelines wherever possible and provides password strength, password guessing avoidance, as well as protection against common password based attacks using breached/stolen credentials such as password stuffing and password spraying.

A password is subject to the following allowed/disallowed character rules:

  • Can contain up to 64 characters in length and any uppercase or lowercase Latin or Unicode characters from A to Z

  • Can contain any digits 0 to 9

  • Can contain any of these ASCII characters: # $ % & ' ( ) - . @ ^ _ ` { } ~

The functionality provided by Fusion's password policies can be broken down into three areas of functionality:

Password Policy Scope

The scope of a password policy applies to an Identity Store. While you can re-use a password policy, an Identity Store can only have a single password policy.

Password Strength

Setting

Default Value

Description

Minimum Length

8

Specify the minimum length (in characters) of the password. This cannot be less that 8 characters.

Must contain at least one lowercase character (a-z)

Off

If enabled the password must include one of these!

Must contain at least one uppercase character (A-Z)

Off

If enabled the password must include one of these!

Must contain at least one number (0-9)

Off

If enabled the password must include one of these!

Must contain at least one special character ($%&'()[email protected]^_`'{}~)

Off

If enabled the password must include one of these!

Password Guessing Avoidance

Setting

Default Value

Description

Must not contain the customers first name

On

If enabled, the user cannot use any part of their first name in the password

Must not contain the customers last name

On

If enabled, the user cannot use any part of their last name in the password

Must not contain any part of the username

On

If enabled, the user cannot use any part of their username in the password

Password Risk Analysis

Documentation Coming Soon!

Previous
Creating a Notification Policy
Next
Creating a Password Policy
Last updated 9 months ago
Contents
Overview
Password Policy Scope
Password Strength
Password Guessing Avoidance
Password Risk Analysis