ERPNext password policy

How can i define policy password for erpnext users,

ie. user must change password every x days,

password must meet certain complexity rules like minimum length, not reuse old passwords etc.

Also when you change a user password erpnext send and email to the user with the password is it possible to send a reset password link instead,

A password strength indicator was added to the update password page in Frappe v7 (Release Release v7.0.0 · frappe/erpnext · GitHub). I dont think there is a way to dictate minimum password strength system-wide though.

Changing passwords every x days is also currently not possible.

As a workaround to deal with these limitations, maybe consider using an LDAP server which enforces these policies as an auth backend…

For changing user password, rather than doing it as an admin, have users use the “Forgot Password” page to get a link.

1 Like

Thank you