What is Password Policies feature and how to set it up?

Password Policies feature is a part of the Shield's User Management module. It allows you to have full control over passwords used by users on your site.

How to set this feature

Before you start using this feature, please note that it requires PHP v5.4+ version.

To set Password Policies feature, you need to enable it first:

And then enable the following functionalities (options) you want:

  • Prevent Pwned Passwords - Prevent use of ‘pwned passwords’
  • Minimum Length - Enforce minimum password length
  • Minimum Strength - Enforce minimum password strength
  • Apply To Existing Users - Apply these policies retrospectively to existing passwords forcing users to update passwords when they login again
  • Password Expiration - Expire all passwords forcing all users to reset their passwords after they next login

Password Policies options explanations

Option: Prevent Pwned Passwords

When enabled, this option prevents users from using any passwords found on the public available list of "pwned" passwords.

Option: Minimum Length

When enabled, all passwords that a user sets must be at least this many characters in length.

To disable this option, set the value to Zero(0).

Option: Minimum Strength

When enabled, all passwords that a user sets must meet the minimum strength. To set the minimum strength, select one from the list.

Option: Apply To Existing Users

When enabled, this option will apply password policies to existing users and their passwords. It will force existing users to update their passwords if they don't meet requirements, after they next login.

Option: Password Expiration

When enabled, users will be forced to reset their passwords after the number of days specified.

Next time they try to login they'll be warned and prompted to update their password:

To disable this option, set the value to Zero(0).

Note: ShieldPRO is required for the all options except ‘Pwned Passwords’. To find out what the extra ShieldPRO features are and how to purchase, please follow this link here.

To learn more about the Password Policies feature and its importance, please read the blog release here.

To find out how to apply Shield' Password Policy for your site users logins, read the article here.