Forced User Password Complexity
We're working to deploy Mango in environments where customers require an enforced minimum password complexity. The reference topic above mentions the back-end supports it but it's not yet configurable. I checked our Mango settings and indeed see a setting to expire passwords, but there's nothing for enforced complexity.
Is enforced complexity still in the pipeline? Is there a way to manually set enforcement through the back-end if the GUI won't support configuration for a while?
There is no UI implemented yet but these are the system settings you can adjust via the system settings REST api here are the keys for the settings:
//Password rules settings, count of 0 means no rule applied public static final String PASSWORD_UPPER_CASE_COUNT = "password.rule.upperCaseCount"; public static final String PASSWORD_LOWER_CASE_COUNT = "password.rule.lowerCaseCount"; public static final String PASSWORD_DIGIT_COUNT = "password.rule.digitCount"; public static final String PASSWORD_SPECIAL_COUNT = "password.rule.specialCount"; public static final String PASSWORD_LENGTH_MIN = "password.rule.lengthMin"; public static final String PASSWORD_LENGTH_MAX = "password.rule.lengthMax";
Fantastic, thank you very much! I'll pass this along to the developers and let you know if we run into any issues. I appreciate the quick help.