Custom password complexity
Allow the ability to set different password complexities for local accounts in a B2C tenant.
We have a private preview of this feature available. If you are interested in joining, please contact firstname.lastname@example.org with the name of your tenant.
Is this still not available....?!
Adding my vote for customizing password complexity requirements, I am amazed it's not even possible as a bolt on option. Increasing minimum password length & certain complexity requirements beyond the default was available in servers 10 years ago.
Fred Murphy commented
Allowing an Azure function to be called to check password suitability would seem to be the most flexible way to implement this.
For instance, the NIST guidelines also mention disallowing passwords exposed in previous breaches. Being able to check against the HIBP list would be very useful.
Kevin Leicht commented
I want to add my vote to this. We want to implement pass phrases so need more than 16 characters, and the passwords must allow spaces as well.
Ronald Verhaegen commented
Hi, is there any news on when this will go to production or at least out of private preview?
Mitch Prince commented
This feature support support for the last NIST password complexity recommendations as described in NIST Special Publication 800-63B located at https://pages.nist.gov/800-63-3/sp800-63b.html
Adrian Gawor commented
After getting preview: When setting to predefined Strong or Simple it works ok, but Custom seems to have problem with being applied. After switch to Custom (for instance 10-64 chars, and all 4 char classes required) and visiting sing up page, previously applied (Simple or Strong whichever was before) is still in power.
Ken Lince commented
what is the ETA on this?
At least allow us to be able to conform to most NIST standards as described in the following articles (and ofcourse the NIST website):
Lukas Lani commented
configurable minimal password length - 8 is not enough. Increase maximum length, 16 is not a much. Users began to use phrases instead of characters, 64 shall be more than enough.
Cédric GUITARD commented
Hello, do you have any Trello board in order to inform us on all the developments that are in your backlog/planned/progress, etc....
Suresh Nadansundaram commented
Any update on this? We need this feature to launch B2C authentication to our customers as the current password requirements are too complex for the non technical end users.
We have different segments of customers. We would like to able adjust the password policies accordingly to minimize friction in the sign-up process for some customers
Abel Espino commented
Be able to relax the B2C directory password policy so that migration from existing on-premise home-made "B2C" directories (credentials) could be easily migrated into Azure ADB2C.
And accompanying the previous one, an option to massively prompt users (send an email) to change their passwords to a more robust one.