This article discusses how Okta decides which passwords are common when the Common password check is used in password policies.
- Password policy
- Security
- Management & Monitoring
- Active Directory Password Policy
In December 2023, Okta performed a major update to the common password list. Okta’s common password list now contains nearly 1,000,000 passwords from various sources (breached, sprayed, etc.). Okta has also introduced case-insensitive checking: a candidate password that matches a list entry in any combination of upper and lower case letters is rejected (that is, PASSWORD, password, and any other case combination would all be rejected). This effectively means that over 2.5 billion commonly used passwords cannot be set.
NOTE: Okta continuously monitors the industry security landscape and updates the list. Okta has no schedule for updating this list, but our team will update it ad hoc as more data becomes available. This list will not be made public.
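
The following added example (not Okta's code) illustrates why a case-insensitive match rejects far more strings than the list has entries. The sample list, the function names and the use of `casefold()` for normalization are assumptions, since the page does not describe Okta's implementation and the list is not public.

```python
"""Case-insensitive common-password check (illustrative, not Okta's implementation)."""

# Constructed sample list; the real list is not public.
SAMPLE_COMMON = ["password", "Qwerty123", "letmein!", "123456", "Summer2023"]


def normalize(password: str) -> str:
    # Assumption: case folding is the only normalization applied; the page
    # states only that matching is case-insensitive.
    return password.casefold()


def build_blocklist(entries):
    """Store each entry once, in normalized form."""
    return {normalize(e) for e in entries}


def is_common(password: str, blocklist) -> bool:
    """True if the password matches a list entry in any letter case."""
    return normalize(password) in blocklist


def case_variants(entry: str) -> int:
    """Count the strings that differ from entry only by letter case.

    Each cased letter can be upper or lower, so an entry with k letters
    covers 2**k strings. Digits and symbols contribute no variants.
    (Assumes ASCII-style one-to-one case mappings, as in the sample list.)
    """
    cased = sum(1 for ch in entry if ch.lower() != ch.upper())
    return 2 ** cased


def effective_coverage(blocklist) -> int:
    """Total distinct strings rejected by a case-insensitive match."""
    return sum(case_variants(e) for e in blocklist)


if __name__ == "__main__":
    bl = build_blocklist(SAMPLE_COMMON)
    for candidate in ["PASSWORD", "qWeRtY123", "LetMeIn!", "correct-horse-7"]:
        verdict = "rejected" if is_common(candidate, bl) else "allowed"
        print(f"{candidate!r}: {verdict}")
    print(f"{len(bl)} entries reject {effective_coverage(bl)} distinct strings")
```

Storing only the normalized form keeps the list at one entry per password while still rejecting every case combination of it.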
