There is not currently a way to set password complexity requ

Question

There is not currently a way to set password complexity requirements correct

Jason · Answer

Devils advocate question If someone has the organizational need for password complexity requirements shouldn t they be using an IDP and SAML auth instead

defensivedepth · Answer

For clarity this PR allows customization of currently hardcoded password complexity requirements

defensivedepth · Answer

Also if implementing FleetDM primarily as a security tool I would not connect it to the org s centralized auth system

Jason · Answer

That s an interesting take I ve never heard before but ok

defensivedepth · Answer

Certainly not universally accepted in the industry but it is a widespread recommendation for instance <https docs securityonion net en 2 3 faq html can i connect security onion to active directory or ldap can i connect security onion to active directory or ldap|https docs securityonion net en 2 3 faq html can i connect security onion to active directory or ldap can i connect securi ive directory or ldap>

Jason · Answer

Oh well thats a little different but I may agree with that I personally don t believe that straight AD or LDAP actually qualify as a proper IDP or get anywhere past NIST AAL level1