Enforce a strong password policy

Current version: 9.0

Applies to

All core roles

Sitecore uses the Microsoft ASP.NET Membership Provider as the out-of-the-box user management system. Sitecore recommends that you change the password policy to one that works for your organization.

In the web.config file, in the <membership> section, you can set the following properties:

  • minRequiredPasswordLength

  • minRequiredNonAlphanumericCharacters

  • maxInvalidPasswordAttempts

  • passwordAttemptWindow

  • passwordStrengthRegularExpression

For more information, see:

Do you have some feedback for us?

If you have suggestions for improving this article,