1. Security tasks

Enforce a strong password policy

Version:
Applies toAll core roles

Sitecore uses the Microsoft ASP.NET Membership Provider as the out-of-the-box user management system. Sitecore recommends that you change the password policy to one that works for your organization.

In the web.config file, in the <membership> section, you can set the following properties:

  • minRequiredPasswordLength
  • minRequiredNonAlphanumericCharacters
  • maxInvalidPasswordAttempts
  • passwordAttemptWindow
  • passwordStrengthRegularExpression

For more information, see:

If you have suggestions for improving this article, let us know!