Do not apply password policy at login [Updated in Security Center 1.5 and removed in 2.0]

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Manage how password complexity is handled in your instance.

    By setting the property glide.apply.password_policy.on_login to false there will be no password complexity enforcement at login time. Setting the property to true will enforce password complexity and lead to organization policy compliance issues.

    As per ASVS 4.03 v2.1.9 recommendations:

    "Verify that there are no password composition rules limiting the type of characters permitted. There should be no requirement for upper or lower case or numbers or special characters. (C6)"

    Instead of password complexity enforcement, ASVS recommendations are to enforce a minimum length of 12 characters for password length.

    Refer to OWASP ASVS v4.0 Authentication.

    More information

    Attribute Description
    Configuration name glide.apply.password_policy.on_login
    Configuration type System Properties (/sys_properties_list.do)
    Data type Boolean
    Recommended value false
    Default value false
    Category Authentication
    Security risk
    • Severity score: 4.4
    • CVSS score: Medium
    • Security risk details: Setting this property to true could enforce password complexity and lead to organization compliance issues.
    Dependencies and prerequisites None