## Managing passwords

Frontegg allows you to define and enforce secure password policies across your platform. As an admin, you can manage password settings globally at the environment level, override them for specific accounts where stricter policies are required, and assist individual users with password resets, all through the Frontegg portal. Each of the following features can be managed independently.

### Password complexity

Define how strong user passwords must be. You can choose from preset levels or define custom rules.

#### Environment-level configuration

Go to [ENVIRONMENT] → Authentication → Password.

Choose one of the following levels:

- **Easy**: Minimum of 6 characters, avoiding 3 recurring characters.
- **Medium**: Minimum of 8 characters, including at least one uppercase letter, one lowercase letter, one number, and one special character, while avoiding 3 recurring characters.
- **Hard**: Minimum of 10 characters, including at least one uppercase letter, one lowercase letter, one number, and one special character, while avoiding 3 recurring characters.
- **Custom**: Define a specific length.

To set a custom complexity, click **Manage Custom**, and set the required length.

![password-setup-1](/assets/password-setup-1.2c7f545bff2d8b25a9563479456a42329771a2f60e3d14023b9c3bbea420a098.740980a4.png)

Once your settings are configured, click **Save** to apply them.

#### Account-level override

Go to [ENVIRONMENT] → Accounts → `` → Security → Password → Manage.

You can override the password complexity at the account level using the same presets or a custom rule.

![password-setup-5](/assets/password-setup-5.8cd2620148e4f86705e75389aedebd0b85f6735f48760136041ea1016f933388.740980a4.png)

### Password history

Prevent users from reusing previously used passwords by requiring a minimum number of unique passwords before reuse.

#### Environment-level configuration

Go to [ENVIRONMENT] → Authentication → Password.

Toggle **Password History** on, then define how many passwords must be used before a previous one can be reused.

![password-setup-2](/assets/password-setup-2.fd3a382c7cb0fbd9c12e2dc4ec29de3df402d5e19f1910a176aa64d0a2664d2c.740980a4.png)

### Password expiration

Force users to reset their passwords periodically by setting an expiration interval.

#### Environment-level configuration

Go to [ENVIRONMENT] → Authentication → Password.

Set the number of days after which a user's password must be updated. You can also configure how many days before expiration a prompt should appear.

To do this, toggle **Password Expiration** on and set the number of days until user passwords expire and require renewal.

![password-setup-4](/assets/password-setup-4.bca23ec2d86befdd928ffb09858b2119e9732810736e592f722486da45a58449.740980a4.png)

If needed, toggle **Password Expiration Prompt** on and set the number of days before expiration when users will be prompted to reset their password.

**Prerequisites**

- `@frontegg/react@7.6.3`
- `@frontegg/angular@7.13.1`
- `@frontegg/vue@4.6.1`
- `@frontegg/js@7.62.0`

#### Account-level override

Go to [ENVIRONMENT] → Accounts → `` → Security → Password → Manage.

You can override the password expiration policy at the account level using the same options.

![password-setup-4](/assets/password-setup-4.bca23ec2d86befdd928ffb09858b2119e9732810736e592f722486da45a58449.740980a4.png)

#### Password recovery

Frontegg enables end users to reset their password using either of the following methods:

- A reset link sent to their email
- A recovery code delivered via SMS

![password-recovery](/assets/password-recovery.e41ce131ef7c5f917e502acc82ada9d4b450803e210d1094e08c03d3cc055abb.740980a4.png)

If the user has an updated email address or phone number in Frontegg, they can receive a login code or link through those contact methods and proceed to set a new password.
If the phone number is not yet verified, the user will receive a one-time code (OTC) at that number. Upon successful verification, the phone number will be marked as verified.

![password-recovery](/assets/password-recovery-1.d901b0d8e6dc81e85a2ced6b1bf1f3bb76211a16f4630824af85872e8b06f579.740980a4.png)

**Prerequisites**

- `@frontegg/react@7.10.3`
- `@frontegg/angular@7.16.1`
- `@frontegg/vue@4.9.1`
- `@frontegg/js@7.79.0`
- `@frontegg/nextjs@9.2.7`

##### Trigger reset password for a user

If a user is unable to log in or requests support, you can manually send a reset password email directly from the **User** page.

**Manual password reset:** Sending a reset password email from the **User** page does not override expiration or policy settings. It is intended for support or recovery scenarios only.

### Email verification

Require users to verify their email address before setting a password.

#### Environment-level configuration

Go to [ENVIRONMENT] → Authentication → Password and toggle **Email Verification** on to send a verification email during user sign-up.

![password-setup-3](/assets/password-setup-3.3f37f9b2525645311d8be1e50bc32dc980171a58855c49dce03264ddab5216ee.740980a4.png)

### Manual password reset

Admins can manually send a password reset email to a specific user for support or recovery.

1. Go to [ENVIRONMENT] → Management → Users.
2. Click on a user to open their profile.
3. Click the **Send email** button in the **Send a reset password email to the user** section.

![password-setup-4](/assets/reset-password-single-user.b1f48e63d81b412ef18fe905c262429abd99aef349ef34160152a8de967402aa.740980a4.png)

The user will receive an email with a secure link to set a new password.
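
As an added example (not Frontegg code), the following JavaScript models the Easy, Medium and Hard presets from the Password complexity section and the expiration and prompt settings from the Password expiration section, for instance to pre-check test fixtures against the policy you configured. The function names, the reading of "3 recurring characters" as the same character three times in a row, the definition of a special character and counting length in code points are assumptions; the Custom level is not modelled.

```javascript
// Added example: a local model of the policy on this page, not Frontegg code.
// Preset levels as listed under "Password complexity".
const LEVELS = {
  easy: { minLength: 6, requireClasses: false },
  medium: { minLength: 8, requireClasses: true },
  hard: { minLength: 10, requireClasses: true },
};

// Assumption: "3 recurring characters" = the same character three times in a row.
const hasTripleRepeat = (pw) => /(.)\1\1/su.test(pw);

// Returns the list of rules the candidate password violates (empty = accepted).
function complexityErrors(pw, level) {
  const rule = LEVELS[level];
  if (!rule) throw new Error(`unknown level: ${level}`);
  const errors = [];
  // Assumption: length is counted in Unicode code points, not UTF-16 units.
  if ([...pw].length < rule.minLength) errors.push('too-short');
  if (hasTripleRepeat(pw)) errors.push('recurring-characters');
  if (rule.requireClasses) {
    if (!/\p{Lu}/u.test(pw)) errors.push('no-uppercase');
    if (!/\p{Ll}/u.test(pw)) errors.push('no-lowercase');
    if (!/\p{Nd}/u.test(pw)) errors.push('no-number');
    // Assumption: "special" = not a letter, not a digit, not whitespace.
    if (!/[^\p{L}\p{N}\s]/u.test(pw)) errors.push('no-special');
  }
  return errors;
}

const DAY_MS = 24 * 60 * 60 * 1000;

// Models "Password Expiration" (expireDays) and "Password Expiration Prompt"
// (promptDays before expiry). Returns state 'ok', 'prompt' or 'expired'.
function expirationStatus(lastChanged, now, expireDays, promptDays = 0) {
  const expiresAt = lastChanged.getTime() + expireDays * DAY_MS;
  const daysLeft = Math.ceil((expiresAt - now.getTime()) / DAY_MS);
  if (daysLeft <= 0) return { state: 'expired', daysLeft: 0 };
  return { state: daysLeft <= promptDays ? 'prompt' : 'ok', daysLeft };
}

// Constructed sample input.
const changed = new Date('2024-01-01T00:00:00Z');
console.log(complexityErrors('Passw0rd!', 'hard'));
console.log(expirationStatus(changed, new Date('2024-03-20T00:00:00Z'), 90, 14));
```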