Password requirements, e.g. the minimal length, required characters and much more can be enforced by Airlock IAM. To configure the policies in Airlock IAM, use one of the provided Password Policy plugins.
It is also possible to connect to an Active Directory and use its password policies directly.
Normally, password policies are only checked during a password change but it can also be enabled during login, which can be handy to enforce a new policy. If it does not pass the checks, the user is forced to change the password to comply with the password policy.
For how to use the individual Password Policy plugins, please refer to the plugin documentation () directly in the Config Editor.
OWASP has published a list of commonly used special characters that are present on US keyboards and therefore should be expected in passwords. Special care has to be taken with certain of these characters if the password also has to be propagated to third-party systems. In particular, quotes or spaces are a source of potential issues for some third-party systems.