Configure Studio Password Requirements

Password requirements validation allows the admin to setup rules that ensures users create passwords based on an organizations password security policy.

Crafter Studio by default requires passwords to meet the following validation regular expression:

^(?=(?<hasNumbers>.*[0-9]))(?=(?<hasLowercase>.*[a-z]))(?=(?<hasUppercase>.*[A-Z]))(?=(?<hasSpecialChars>.*[~|!`,;\/@#$%^&+=]))(?<minLength>.{8,})$

  • Must contain at least one number

  • Must contain at least one lowercase letter

  • Must contain at least one uppercase letter

  • Must contain at least one special character (~|!`,;/@#$%^&+=)

  • Length must be at least 8 characters

The password requirements configured here are displayed to the user when resetting a password or creating a user.

System Administrator - Password Requirements Display

To configure the password validation regular expression, click on mainMenu Main Menu then click on Global Config. Scroll to the section Password requirements validation regular expression

crafter_install_dir/data/repos/global/configuration/studio-config-override.yaml
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# Password requirements validation regular expression
# The supported capture group keys are:
#   hasNumbers
#   hasLowercase
#   hasUppercase
#   hasSpecialChars
#   noSpaces
#   minLength
#   maxLength
#   minMaxLength
# studio.security.passwordRequirements.validationRegex: ^(?=(?<hasNumbers>.*[0-9]))(?=(?<hasLowercase>.*[a-z]))(?=(?<hasUppercase>.*[A-Z]))(?=(?<hasSpecialChars>.*[~|!`,;\/@#$%^&+=]))(?<minLength>.{8,})$

Capture group keys are used with the regular expression as listed above, where:

  • hasNumbers: which numbers are allowed.

  • hasLowerCase: which lowercase letters are allowed

  • hasUpperCase: which uppercase letters are allowed

  • hasSpecialChars: which special characters are allowed

  • noSpaces: no space allowed in the password

  • minLength: specify the minimum password length

  • maxLength: specify the maximum password length

  • minMaxLength: specify the minimum and maximum password length

Safe capture group keys include camel-cased (e.g. MustHaveAtLeastTwoNumbers) or underscored (e.g. Must_Have_At_Least_Two_Numbers, Must_have_at_least_two_numbers) strings. Capture group names may not contain spaces or other special chars.

Here’s an example where the validation regex requires at least two numbers, where the capture group key for that requirements uses the camel case string MustHaveAtLeastTwoNumbers, which is the text that will be displayed as part of the password requirements:

crafter_install_dir/data/repos/global/configuration/studio-config-override.yaml
1
# studio.security.passwordRequirements.validationRegex: ^(?=(?<MustHaveAtLeastTwoNumbers>.*[0-9].*[0-9]))(?=(?<hasLowercase>.*[a-z]))(?=(?<hasUppercase>.*[A-Z]))(?=(?<hasSpecialChars>.*[~|!`,;\/@#$%^&+=]))(?<minLength>.{8,})$
System Administrator - Password Requirements Display