The Sector Starter Kit includes the Drupal Password Policy module - it allows sitebuilders to configure granular password policies.
Assessing and adapting your password policy
The PSR - Protective Security Requirements - for New Zealand set out guidelines to identify your threat level, and your threat level will help you to define your site's specific password policy. Managing authentication is more than password policies! It is listed as a critical control by cert.govt.nz and their site offers helpful advice.
The Starter Kit also includes a preconfigured password policy:
- Passwords expire after 90 days
- Password character length of at least 8
- Minimum password character types: 3
- Number of allowed repeated passwords: 1
To learn more about additional options for your password policy, read more in Password Policy module documentation.
To configure your own password policy go to