Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

image.png

Password length is probably the one where you could make it more strict by changing the default, but if you're looking into requiring special characters etc. I think this needs to be handled by your own application.

I was thinking more about complexity, i.e. our previous login system required at least one upper case, one lower case and a special character as well as a minimum length.

Checkout this doc: <https://www.ory.sh/docs/concepts/password-policy>