Password policyΒΆ

The SecurityBundle allows to define a password policy by configuring a pattern. The pattern will be used to validate the input of the user in the administration interface and programatically created users in the UserManager.

The following example enables the default pattern of sulu (minimum length of 8 characters).

# file: config/packages/sulu_security.yaml

sulu_security:
    password_policy:
        enabled: true

The configuration below sets an example pattern that validates the password against following constraints:

  • The password length must be greater than or equal to 8
  • The password must contain one or more uppercase characters
  • The password must contain one or more lowercase characters
  • The password must contain one or more numeric values
  • The password must contain one or more special characters
# file: config/packages/sulu_security.yaml

sulu_security:
    password_policy:
        enabled: true
        pattern: '(?=^.{8,}$)(?=.*\d)(?=.*[^a-zA-Z0-9]+)(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$'
        info_translation_key: app.password_information

Dont forget to provide a translation that explains your password policy to the user by setting the info_translation_key configuration.

{
    "app.password_information": "Passwords have a minimum length of 8 characters and must contain one or more uppercase characters, one or more lowercase characters, one or more numeric values, one or more special characters."
}