Password Policy

The password policy historically defined what made a valid password — minimum length and character requirements — in your workspace.

This policy no longer applies — sign-in is passwordless TestOrchestrator no longer uses passwords. Users sign in with an email magic link / one-time code, or with Google or GitHub — see Log In. There is no longer any point in the flow where a password is created or entered, so the password-policy settings below have no effect. The controls still appear on the Internal tab in Admin → Authentication and can still be saved, and are documented here for reference.

Settings reference

These settings still appear on the Internal tab under Admin → Authentication, in the Password Policy section, and are listed here for reference. They no longer affect sign-in.

Setting Default Constraint What it does
Minimum length 12 Min 12, max 64 The minimum number of characters a password must contain. Cannot be set below 12.
Require lowercase (a–z) On Password must contain at least one lowercase letter.
Require uppercase (A–Z) On Password must contain at least one uppercase letter.
Require number (0–9) On Password must contain at least one digit.
Require special character On Password must contain at least one non-alphanumeric character (e.g., !, @, #).

Validation rules on save

If you do edit these legacy values, the admin form still enforces two rules when you save:

  • Minimum length floor: The value cannot be set below 12. If you enter a lower number, the save is rejected with an error.
  • Minimum two character categories: At least two of the four character type requirements (lowercase, uppercase, number, special) must remain enabled. Disabling all four — or leaving only one — is not permitted.