Forced User Password Complexity

---

Re: Password Expiry and Complexity

We're working to deploy Mango in environments where customers require an enforced minimum password complexity. The reference topic above mentions the back-end supports it but it's not yet configurable. I checked our Mango settings and indeed see a setting to expire passwords, but there's nothing for enforced complexity.

Is enforced complexity still in the pipeline? Is there a way to manually set enforcement through the back-end if the GUI won't support configuration for a while?

There is no UI implemented yet but these are the system settings you can adjust via the system settings REST api here are the keys for the settings:

//Password rules settings, count of 0 means no rule applied
public static final String PASSWORD_UPPER_CASE_COUNT = "password.rule.upperCaseCount";
public static final String PASSWORD_LOWER_CASE_COUNT = "password.rule.lowerCaseCount";
public static final String PASSWORD_DIGIT_COUNT = "password.rule.digitCount";
public static final String PASSWORD_SPECIAL_COUNT = "password.rule.specialCount";
public static final String PASSWORD_LENGTH_MIN = "password.rule.lengthMin";
public static final String PASSWORD_LENGTH_MAX = "password.rule.lengthMax";

Fantastic, thank you very much! I'll pass this along to the developers and let you know if we run into any issues. I appreciate the quick help.