Password complexity

Metabase offers a couple controls for administrators who prefer to increase the password requirements on their user accounts.

export MB_PASSWORD_COMPLEXITY=strong
export MB_PASSWORD_LENGTH=10

The settings above can be used independently, so it’s fine to use only one or the other. By default Metabase use complexity = normal and a password length of 6. The following options are available for complexity choice:

  • weak = no character constraints
  • normal = at least 1 digit
  • strong = minimum 8 characters w/ 2 lowercase, 2 uppercase, 1 digit, and 1 special character

By default, Metabase also prevents users from setting passwords that are in a list of common passwords (like qwerty123 and passw0rd). Changing the complexity requirement to weak disables this behavior.

Read docs for other versions of Metabase.