Do not apply password policy at login [Updated in Security Center 1.5 and removed in 2.0]

Watch

Save as PDF

Share this page

Feedback

HomeYokohama Platform securityPlatform SecurityHardening settingsAuthenticationDo not apply password policy at login [Updated in Security Center 1.5 and removed in 2.0]

Table of Contents

Do not apply password policy at login [Updated in Security Center 1.5 and removed in 2.0]

Release version:
Yokohama
Xanadu
Washington DC
Vancouver
UpdatedJan 30, 2025
1 minute read

Yokohama
Platform Security

Manage how password complexity is handled in your instance.

By setting the property glide.apply.password_policy.on_login to false there will be no password complexity enforcement at login time. Setting the property to true will enforce password complexity and lead to organization policy compliance issues.

As per ASVS 4.03 v2.1.9 recommendations:

"Verify that there are no password composition rules limiting the type of characters permitted. There should be no requirement for upper or lower case or numbers or special characters. (C6)"

Instead of password complexity enforcement, ASVS recommendations are to enforce a minimum length of 12 characters for password length.

Refer to OWASP ASVS v4.0 Authentication.

More information

Search:


Attribute	Description
Configuration name	glide.apply.password_policy.on_login
Configuration type	System Properties (/sys_properties_list.do)
Data type	boolean
Recommended value	false
Default value	false
Category	Authentication
Security risk	Severity score: 4.4 CVSS score: Medium Security risk details: Setting this property to true could enforce password complexity and lead to organization compliance issues.
Dependencies and prerequisites	None

Yokohama Platform security

Filters

Versions

Products