Configuring The Password Policy
The password policy is a set of rules that define the password requirements for Kratos identities. They can be changed by modifying the following configuration parameters:
path/to/kratos/config.yml
selfservice:
methods:
password:
enabled: true
config:
haveibeenpwned_enabled: true
min_password_length: 8
identifier_similarity_check_enabled: true
haveibeenpwned_enabled
If set to true
, the password policy will check if the password has been found in the
Have I Been Pwned database. The default value is true
.
min_password_length
The minimum length of the password. The default value is 8
, the minimum allowed value is 6
.
identifier_similarity_check_enabled
If set to true
, the password policy will check if the password is similar to the user identifier. The default value is true
.