Passwords limited to 16-character maximum

Azure-Samples / active-directory-b2c-custom-policy-starterpack

Azure AD B2C now allows uploading of a Custom Policy which allows full control and customization of the Identity Experience Framework

http://aka.ms/aadb2ccustom

MIT License

326 stars 386 forks source link

Passwords limited to 16-character maximum #145

Open meulop opened 1 year ago

meulop commented 1 year ago

The regex for the newPassword and reenterPassword claims limit maximum password length to 16 characters. They should instead probably default to a maximum of 64 characters to max the "Strong" password complexity setting for user flows.