Articles on: Frequently Asked Questions

Password blacklist

Password complexity remains one of the key to keep the user's identity safe.
Keycloak offers various configuration to ensure minimum requirements regarding the user passwords.

A good practice is to forbid serval passwords that are known to be unsafe because there are too often used.

All the deployments come with a predefined list of the top 10 000 worst passwords.
Simply add the Password blacklist policy referencing the file top-10000.txt.

Configuration example

However, depending on the language of your users, customer might need a different list of restriction.

In this case, please contact Cloud-IAM support team to get the procedure and upload your list on the deployment nodes.

Updated on: 20/12/2022

Was this article helpful?

Share your feedback


Thank you!