You can force the passwords of your strongDM users to be of higher strength. By default, the only password requirement is that the password be eight characters long.

Password strength requirements can be increased to "Medium," "Strong," or "Excellent." If you require higher password strength, users will need to add complexity to their passwords until they grade at the higher rating you have set as the requirement.

The strength of a password can be difficult to determine. In this case, strongDM uses the zxcvbn password strength method to test your password strength. This method discards arbitrary rules about characters and length,and instead analyzes each suggested password and gives it a strength rating based on a number of factors, including things such as length, dictionary checking, password matching, and so forth.

In most cases, if a password is failing to meet the account's password requirements, adding length or complexity of characters will increase the password strength as needed.

Independently of the password strength requirement, you can also set a minimum length requirement for your users' passwords. You should not set this minimum length to be lower than the default minimum for the password strength requirement that you have set.

Set up MFA with Duo
General SSO Guide