Password Policy

You can enable a password policy to mandate the minimal required complexity of all user passwords or ACL passwords.

Regardless of whether the password policy is enabled, no password can be an empty string or null.

Password policy requirements

TigerGraph offers the following password policy. When enabled, all passwords must meet the following requirements:

  • Have a length between 8 and 128 characters

  • Have at least 1 upper-case letter and 1 lower-case letter

  • Have at least 1 number

  • Have at least 1 special character: !, ", #, $, %, &, ', (, ), *, +, ,, -, ., /, :, ;, <, =, >, ?, @, [, ], ^, _, `, {, |, }, ~

Enable password policy

If the password policy is enabled, you cannot use passwords that do not satisfy the policy when creating or altering a new user password or ACL password. Enabling the password policy does not prevent existing users with passwords that do not meet the requirements from logging in.

To enable the password policy, run the following commands:

$ gadmin config set Security.UserPasswordPolicy.Enable true (1)
$ gadmin config set Security.ACLPasswordPolicy.Enable true  (2)
$ gadmin config apply
$ gadmin restart gsql
1 Setting Security.UserPasswordPolicy.Enable to true applies the password policy to passwords for TigerGraph database users.
2 Setting Security.ACLPasswordPolicy.Enable to true applies the password policy to ACL passwords.