Skip to main content

Enforce a strong password policy


How to enforce a strong password policy on Sitecore Core roles.

Applies to

All core roles

Sitecore uses the Microsoft ASP.NET Membership Provider as the out-of-the-box user management system. Sitecore recommends that you change the password policy to one that works for your organization.

In the web.config file, in the <membership> section, you can set the following properties:

  • minRequiredPasswordLength

  • minRequiredNonAlphanumericCharacters

  • maxInvalidPasswordAttempts

  • passwordAttemptWindow

  • passwordStrengthRegularExpression

For more information, see: