Back to Home Page
View SDKs on Github
View APIs in Postman
System Status
Strivacity Fusion: Budapest Release
Reporting a Security Issue
Getting Started
Overview
Product Components
Pre-Configured Best Practices
Using the Dashboard
Overview
APIs
Using the REST APIs
Postman API Directory
Adaptive APIs
Administrative APIs
Anonymous Visitor and Consent APIs
Authentication APIs
Customer Lifecycle APIs
Customer Self-Service APIs
Setting Up
Setup and Manage an Application
Setup and Manage Consent Management
Setup and Manage Self-Service
Setup and Manage Adaptive MFA
Setup and Manage Social Logins
Setup and Manage Password Polices
Creating a Password Policy
Editing a Password Policy
Deleting a Password Policy
Setup and Manage Notification Policies
Rebranding and Customization
Using Your Own Logo and Color Scheme
Customizing Email Templates
Customizing SMS Templates
Rebranding the Admin Console
Managing Customer Accounts
Overview
Creating an Account
Editing an Account
Delete an Account
Enable/Disable an Account
Configuration
General
Admin Adaptive MFA
Admin Branding
Admin Notifications
Admin Users
REST API Access Policies
Integrations
ServiceNow
Architecture and Deployment
Rate Limiting
Regional Availability
Service Levels
Powered by GitBook

Setup and Manage Password Polices

Password Policies provide a way to enforce password characteristics and mitigate password risk for all accounts in an identity store. Learn more about how to setup and manage these policies.

Overview

Password Policies provide a way to enforce password characteristics and mitigate password risk for all accounts in an identity store.

Fusion's password policies and the settings provided also follow the 2019 NIST 800-63 Password Guidelines wherever possible and provides password strength, password guessing avoidance, as well as protection against common password based attacks using breached/stolen credentials such as password stuffing and password spraying.

A password is subject to the following allowed/disallowed character rules:

  • Can contain up to 64 characters in length and any uppercase or lowercase Latin or Unicode characters from A to Z

  • Can contain any digits 0 to 9

  • Can contain any of these ASCII characters: # $ % & ' ( ) - . @ ^ _ ` { } ~

The functionality provided by Fusion's password policies can be broken down into three areas of functionality:

Password Policy Scope

The scope of a password policy applies to an Identity Store. While you can re-use a password policy, an Identity Store can only have a single password policy.

Password Strength

Setting

Default Value

Description

Minimum Length

8

Specify the minimum length (in characters) of the password. This cannot be less that 8 characters.

Must contain at least one lowercase character (a-z)

Off

If enabled the password must include one of these!

Must contain at least one uppercase character (A-Z)

Off

If enabled the password must include one of these!

Must contain at least one number (0-9)

Off

If enabled the password must include one of these!

Must contain at least one special character ($%&'()-.@^_`'{}~)

Off

If enabled the password must include one of these!

Password Guessing Avoidance

Setting

Default Value

Description

Must not contain the customers first name

On

If enabled, the user cannot use any part of their first name in the password

Must not contain the customers last name

On

If enabled, the user cannot use any part of their last name in the password

Must not contain any part of the username

On

If enabled, the user cannot use any part of their username in the password

Password Risk Analysis

Documentation Coming Soon!

Previous
Deleting a Social Login from an Application
Next
Creating a Password Policy
Last updated 6 months ago
Contents
Overview
Password Policy Scope
Password Strength
Password Guessing Avoidance
Password Risk Analysis