Configuring email and password authentication and requirements.
Email + Password authentication allows users to sign up and sign in to your application using an email address and password combination. This is one of the most common forms of authentication and is enabled by default.
In the majority of cases, no additional configuration is required. However, depending on your application’s security requirements, you may wish to modify the password strength policy.
A strong set of password rules is applied to all users by default. This ensures that:
These defaults are recommended in the majority of cases. However, if you wish to modify the password policy, you can do so in the Authentication section of the WorkOS dashboard.
AuthKit will enforce these within the sign up and password reset flows.
Disabling this method entirely will prevent users from signing up or signing in using a password. This is useful when you want to restrict access to your application to only those users who have been provisioned via SSO.
If you’d prefer to build and manage your own authentication UI, you can do so via the User Management Authentication API.
Examples of building custom UI are also available on GitHub.