PingOne allows you to assign password policies to populations and includes three policy types by default. You can customize these policies or create new policies to meet the password requirements for users in the population. For more information, see Password policy comparison.

The default password policies include:

  • Standard (default) - The standard password policy incorporates industry best practices for a typical password policy.
  • Passphrase - The passphrase policy encourages users to use a passphrase instead of a password for stronger authentication. A passphrase can be easier to remember and more secure because of its length.
  • Basic - The basic password policy is a more relaxed standard that allows for maximum customer flexibility. Because users are not required to change their passwords, the basic policy can be less secure.

To view, add, modify, or delete password policies, see Managing password policies.

Password policy comparison

Standard Passphrase Basic

Contains no sub strings that match user attributes

Yes

Yes

No
Not similar to current password1

Yes

Yes

No

Not a common password

Yes

Yes

Yes
No more than two repeated characters2

Yes

No

No

At least five unique characters

Yes

No

No

Between 8 and 255 characters

Yes

No

Yes

At least one number

Yes

No

Yes

At least one lowercase letter

Yes

No

Yes

At least one uppercase letter

Yes

No

Yes

At least one special character

~!@#$%^&*()-_=+[]{}|;:,.<>/?

Yes

No

Yes
Has a computational complexity of at least seven days3

No

Yes

No

Supports all printable UTF-8 characters

Yes

Yes

Yes

Allowed failed attempts

After five failed attempts, the user is locked out for 15 minutes

5

5

Expires

182 days

Never

182 days