Jump to content

variable complexity reqs based on password length - Stanford style password policy


Recommended Posts

Hi Support,


Do you have any comments/thoughts/plans/suggestions regarding implementing a password strength policy/calculator that follows the Stanford style password policy; ie where longer passwords (20+ chars) do not require/enforce character type restrictions with corresponding expiry or max. age policy.


I'm thinking of a policy that allows a definition such as;

  • password_length >=x (eg x=20) chars: 1 from [upper, lower]) nb must not allow 20 numeric or 20 special char as limited entropy)
  • x > password_length >= y (eg x=20, y=16) chars: 2 from [upper, lower, numeric]
  • y > password_length >= z (eg y=16, z=12) chars: 2 from [upper, lower, special char]
  • z > password_length > min_length  (eg z=12, min_length=8) chars: 3 from [upper, lower, numeric, special char]
  • password_length  = min_length:  (eg 8) chars: 4 from [upper, lower, numeric, special char] with minimum of a upper, b  lower, c numeric, d special] (eg: a=2, b=2, c=2, d=2)


I'm interested to know if you have plans in this space.


Also interested to know if other users have adopted this type of policy and any downside consequences you may have encountered.





Link to comment
Share on other sites

Hi Paul,


Thanks for your request. We don't currently have plans to develop the Password Strength Policies further, but if customers express enough interest in this, we can look into it.

On the Password Generator Policies, would the Pattern Matching help with this at all? We understand this might need meet the policy requirements you want, but you can be quite specific with the structure of the random passwords which are generated.


Click Studios.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...