Password Policies feature is a part of the Shield's User Management module. It allows you to have full control over passwords used by users on your site.

How to set this feature

Before you start using this feature, please note that it requires PHP v5.4+ version. Read more here.

To set Password Policies feature, you need to enable it first:

And then enable the following functionalities (options) you want:

  • Prevent Pwned Passwords - Prevent use of ‘pwned passwords’
  • Minimum Length - Enforce minimum password length
  • Minimum Strength - Enforce minimum password strength
  • Apply To Existing Users - Apply these policies retrospectively to existing passwords forcing users to update passwords when they login again
  • Password Expiration - Expire all passwords forcing all users to reset their passwords after they next login

Password Policies options explanations

Option: Prevent Pwned Passwords

When enabled, this option prevents users from using any passwords found on the public available list of "pwned" passwords.

For more information on "pwned" passwords, read the article here.

Option: Minimum Length

When enabled, all passwords that a user sets must be at least this many characters in length.

To disable this option, set the value to Zero(0).

Option: Minimum Strength

When enabled, all passwords that a user sets must meet the minimum strength. To set the minimum strength, select one from the list.

Option: Apply To Existing Users

When enabled, this option will apply password policies to existing users and their passwords. It will force existing users to update their passwords if they don't meet requirements, after they next login.

Option: Password Expiration

When enabled, users will be forced to reset their passwords after the number of days specified.

To disable this option, set the value to Zero(0).

Note: Shield Pro is required for all options except ‘Pwned Passwords’. To find out what the extra Shield pro features are and how to purchase it, please read the article here.

For further reading on Password Policies feature and its importance, please read the blog release here.

To find out how Shield' Password Policy affects your site users, read the article here.