The password complexity feature implements more sophisticated password complexity checks. It is not recommended to use this feature unless you have a policy that requires it, as users that would not choose a good password in the absense of password complexity requirements are unlikely to choose a good password if you have password complexity requirements.
Contains characters in multiple character groups, by default at least 3 of uppercase letters, lowercase letters, numbers, and everything else, unless the password is over 11 characters.
Does not contain any invalid patterns, by default patterns like
zxcv, or number sequences such as
Does not contain a certain number of repeating characters, by default 3.
Is not a dictionary word, after stripping off numbers from the prefix and suffix and replacing some common numbers/symbols often substituted for letters, catching things like
An array of regular expressions representing different character groups.
A Array/Hash/Set containing dictionary words, which cannot match the password.
A file containing dictionary words, which will not be allowed. By default,
The error message fragment to show if the password is derived from a word in a dictionary.
A regexp where any match is considered an invalid password. For multiple
The error message fragment to show if the password matches the invalid pattern.
The number of characters above which to skip the checks for character groups.
The maximum number of repeating characters allowed.
The minimum number of character groups the password has to contain if it is
The error message fragment to show if the password does not contain characters from enough character groups.
The error message fragment to show if the password contains too many repeating characters.