Configure Studio Password Requirements
Password requirements validation allows the admin to set up rules that ensure users create passwords based on an organization’s password security policy.
Crafter Studio uses zxcvbn for password strength management.
Since 4.0.3
The password strength configured here is displayed to the user when resetting a password or creating a user.
To configure the password strength, click on Main Menu, then click on Global Config. Scroll to the Security section and change the value of studio.security.passwordRequirements.minimumComplexity to the desired minimum password complexity:
# Password requirements minimum complexity
# This is based on https://github.com/dropbox/zxcvbn
# The minimum complexity corresponds to the password score
# You can try this out here https://lowe.github.io/tryzxcvbn/
# score # Integer from 0-4 (useful for implementing a strength bar)
# 0 # too guessable: risky password. (guesses < 10^3)
# 1 # very guessable: protection from throttled online attacks. (guesses < 10^6)
# 2 # somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
# 3 # safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
# 4 # very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
# The default value is 3
studio.security.passwordRequirements.minimumComplexity: 3
Crafter Studio’s default minimum password complexity is 3 (which translates to a score of 80 in the UI). Until the password being set or changed meets the required minimum, the Submit button will not be enabled. Once the minimum password strength score has been reached, the score is displayed in green.
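Because this single value controls how weak a password Studio will accept, it is worth checking during configuration reviews. The following is an added example, not part of Crafter Studio or its documentation: a small Python audit that reads the Global Config text and reports whether the setting is missing (default applies), lowered below a required score, or invalid. The function names and the sample text are hypothetical, and treating the last uncommented occurrence of the key as the effective one is an assumption.

```python
import re

KEY = "studio.security.passwordRequirements.minimumComplexity"
DEFAULT = 3  # default value stated in the configuration comments
# What each score protects against, copied from the configuration comments.
PROTECTION = {
    0: "too guessable (guesses < 10^3)",
    1: "very guessable (guesses < 10^6)",
    2: "somewhat guessable (guesses < 10^8)",
    3: "safely unguessable (guesses < 10^10)",
    4: "very unguessable (guesses >= 10^10)",
}

def effective_minimum(config_text):
    """Return (raw_value, source) for the key; assumes the last occurrence wins."""
    value, source = DEFAULT, "default"
    for lineno, line in enumerate(config_text.splitlines(), 1):
        stripped = line.split("#", 1)[0].strip()  # ignore comments
        m = re.fullmatch(re.escape(KEY) + r"\s*:\s*(.*)", stripped)
        if m:
            value, source = m.group(1).strip().strip("'\""), f"line {lineno}"
    return value, source

def audit(config_text, required=DEFAULT):
    """Classify the setting as OK, WEAK or INVALID against a required score."""
    raw, source = effective_minimum(config_text)
    try:
        score = int(raw)
    except (TypeError, ValueError):
        return "INVALID", f"{source}: {raw!r} is not an integer"
    if score not in PROTECTION:
        return "INVALID", f"{source}: {score} is outside 0-4"
    status = "OK" if score >= required else "WEAK"
    return status, f"{source}: score {score}, {PROTECTION[score]}"

# Constructed sample: an override that lowers the minimum below the default.
SAMPLE_WEAK = """\
# constructed sample override
studio.security.passwordRequirements.minimumComplexity: 1  # lowered for testing
"""

if __name__ == "__main__":
    print(audit(SAMPLE_WEAK))
    print(audit(""))  # key absent, so the default applies
```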
Below are some of the messages displayed as a user is inputting a new password: