Increase password strength for basic user accounts
Basic user accounts can be created via;
1. Admin portal (minimum password length=6)
2. Self registration page (minimum password length=8).
No other rule applies i.e. very poor password strength.
When possible, we definitely use AAD.
For cases where we can not use AAD the Azure PaaS Developer Support Team has recommended us to use Facebook, Google, Microsoft or Twitter accounts...
Please, provide UI page where Admin can design password policy by choosing;
- Minimum password length. [Default=8?].
- English upper case letters (e.g., A, B, C, ...Z). [Checkbox True|False].
- English lower case letters (e.g., a, b, c, ...z). [Checkbox True|False].
- Base 10 digits (e.g., 0,1,2, ...9). [Checkbox True|False].
- Non-alphanumeric (''special characters) (e.g., ?,!,%,$,#, etc). [Checkbox True|False].
- A catch-all category of any Unicode character that does not fall under the previous four categories. [Checkbox True|False].
Alan Wales commented
This would also help us since we cannot federate all AD accounts and rely on basic user registration. Some control over password complexity (number of characters, number of upper case, number of special characters) would already be an improvement