Passwords
Configure password-based login and password policies for the Wristband Identity Provider.
Password-based authentication is one of the login methods provided by the Wristband Identity Provider (IdP). When enabled, users authenticate by entering their email address and a password on the login page. This is the default login factor when a new Wristband application is created.
For more context, see:
- Identity Providers → An overview of the Wristband IdP and the other login methods it supports
- Login: Wristband-Hosted UI → How password login works for end users
Enabling Password Login
Password login is configured under Identity Providers → Wristband in the Application View of the Wristband Dashboard. The Supported Login Factors setting controls which login method is presented to users.
By default, users must log in with a password. If both passwords and magic links are enabled, users can toggle between the two on the login page, and you can configure which is presented first via the Primary Login Factor setting. See Magic Links for more.
Note: Password login requires the Wristband Identity Provider to be enabled for your application. If it is disabled, none of the Wristband IdP login factors will be available to users. Make sure the "Enable the Wristband identity provider?" toggle is turned on before configuring login factors.
The Primary Login Factor setting is visible when both passwords and magic links are enabled.
Tenant-Level Override
If you need a specific tenant to use a different login method, you can override this setting at the tenant level. To do so, select a tenant from the Select a Tenant to Configure dropdown in the side navigation menu (shown when in Application View), then navigate to Identity Providers → Wristband and enable the tenant override toggle.
Important: Enabling the tenant override affects all IdP types for that tenant, not just the Wristband IdP.
Wristband IdP settings in Tenant View with the tenant override toggle enabled.
Password Policies
Password policies let you define the complexity and security requirements for user passwords. They are configured under Security → Password Policies in the Application View.
Password Policies configuration in Application View.
The following settings are available:
- Minimum Password Length: The minimum number of characters required for a password. Must be between 8 and 64 characters. Defaults to 8.
- Require Lowercase Character: When enabled, passwords must contain at least one lowercase letter [a-z].
- Require Uppercase Character: When enabled, passwords must contain at least one uppercase letter [A-Z].
- Require Numeric Digit: When enabled, passwords must contain at least one number [0-9].
- Require Special Character: When enabled, passwords must contain at least one non-alphanumeric character (e.g.,
!,#,$,%,&). - Password Breach Detection: When enabled, Wristband checks passwords during creation and login against known data breaches. It is recommended to keep this enabled.
- Force Reset on Breached Password: Only applicable when breach detection is enabled. When enabled, users whose password is found to be compromised will be required to reset their password before they can log in. When disabled, users can still log in with a breached password but will not be forced to change it.
Tenant-Level Override
Password policies can also be overridden at the tenant level, allowing different tenants to have different password requirements. To configure a tenant-level override, select a tenant from the dropdown in the Application View, navigate to Security → Password Policies, and enable the tenant override toggle.
Password Policies configuration in Tenant View with the tenant override toggle enabled.
Updated 10 days ago