PasswordPolicy
NIST SP 800-63B 기반 비밀번호 정� 검증과 재사용 방지
Status
| Key | Value |
|---|---|
| Layer | existing |
| Tier | L0 |
| Status | released |
| Version | 1.1.0 |
| Price | Free (free) |
| Category | Security & Auth |
Overview
Overview
PasswordPolicy validates tenant user passwords in the direction of NIST SP 800-63B and prevents password reuse.
Features
- Minimum and maximum length validation
- Optional complexity rules, disabled by default
- Common password blocking
- Blocking passwords containing user identifiers such as email or name
- Recent password reuse prevention through
plg_pwd_history - SaaS Product / Tenant
settings.password_policyoverrides
Scope
Forced periodic expiration and HIBP lookup are not built in. Periodic expiration is disabled by default following NIST guidance, and breached-password lookup can be added through a separate adapter later.
License
MIT
Demos
- PasswordPolicy 서비스 검증 🔒 Login required
🛒 View on Plugin Store: store.codebase.how/plugins/password-policy