Last modified on September 7, 2022

Password requirements are set in the Admin UI in Settings > Security. You can force the passwords of your strongDM users to be of higher strength. By default, the only password requirement is that the password be eight characters long.

Password strength requirements can be increased from “No minimum strength” to “Medium,” “Strong,” or “Excellent.” If you require higher password strength, users will need to add complexity to their passwords until they grade at the higher rating you have set as the requirement.

The strength of a password can be difficult to determine. In this case, strongDM uses the zxcvbn password strength method to test your password strength. This method discards arbitrary rules about characters and length. Instead, this method analyzes each suggested password and gives it a strength rating based on a number of factors, including things such as length, dictionary checking, password matching, and so forth.

Independently of the password strength requirement, you can also set a minimum length requirement for your users’ passwords. You should not set this minimum length to be lower than the default minimum for the password strength requirement that you have set.