Customizing Password

Customize your Password authentication flow from the Descope console (Settings > Authentication Methods > Passwords).

The Passwords Authentication Method lets you authenticate end users using a secret string of characters known only to the user.

Descope recommends using an email address as the user identifier; this allows you to utilize passwordless methods like Magic Link in addition to passwords. These methods could be used for authentication when users forget their password or need to reset it easily.

Password Settings

Password Policy

Password policy forces users to select more robust passwords. We have chosen a default policy that corresponds with current best practices. You can change the password policy to make it more or less restrictive. Note that if you desire more restrictions, it may be harder for your users to remember the password they have chosen, and if you choose a less restrictive policy, passwords may be more easily compromised.

_Note: Password policy can also be overridden at a tenant level. More information about tenant level password policy can be found here.

All Settings

SettingDetailsRange[default]
Enable method in API and SDKThis toggle switch enables or disables the authentication method from being available for use within API and SDKEnabled/[Disabled]
Minimum Password LengthRequire users to choose a password equal to or longer than the number of characters specified.5-64 [8]
Require at least one lowercase characterRequire users to use at least one lowercase character in their password.[Checked]/Unchecked
Require at least one uppercase characterRequire users to use at least one uppercase character in their password.[Checked]/Unchecked
Require at least one numberRequire users to use at least one numeric character (0-9) in their password.[Checked]/Unchecked
Require at least one special characterRequire users to use at least one non-alphanumeric character in their password.[Checked]/Unchecked
Enable Password ExpirationWhen enabled, the user's password will expire after a specified period (in weeks), and the user will have to change their password.Checked/[Unchecked] 1-999 [26] weeks
Prevent Password ReuseSpecify how many previously used user passwords Descope will remember. When selecting a new password (e.g., after reset or password expiration), Descope will not allow using any previously used passwords.Checked/[Unchecked] 10-50 [10]
Lock account after x attemptsWhen a user enters an incorrect password more than x times, the user will be locked and unable to log in again.Checked/[Unchecked] 2-10 [5]
ConnectorWho will be listed as the sender of the enchanted link. The default is Descope.
TemplateIf you are using a customized connector, you can change the template of the email which your user will receive. The default is System.

Additional Details

This section describes additional details about the configuration options available.

Reset Password Email

This email will be sent to the user via the Magic Link method when the end user initiates a password reset process (e.g. when the user clicks the “forgot my password” link or when triggered by the admin in the Descope Console or API).

Method

You can define which method to use (Magic Link). Descope recommends using Magic Link as it is more suitable for resetting password processes.

Connector

You can define what email connector Descope will use to send the reset password email.

Email Connector

Descope supports utilizing your email connector. Currently, SMTP connectors and Sendgrid connectors are supported. You can configure an email connector by going to the applicable authentication method within the Descope console and clicking on the Email Connector, clicking add Sendgrid connector or add SMTP connector and configuring the necessary information.

Email Subject

The subject of the email that the end user will receive

Email Body

The HTML content used to create the email body. You can edit the email; however, keep the provided placeholders for the Magic Link to function correctly.