Password guidelines recommendation

Admin password

  • Avoid using the default password (admin) that is used by Neptune DXP - Open Edition.

  • If you are automating the provisioning of Neptune DXP - Open Edition, use the environment variable INITIAL_ADMIN_PASSWORD. After the instance is provisioned, unset the environment variable, as the password is saved in the database.

  • We recommend using a 25 character password.

  • Use a random password generator if possible, e.g. 1Password Strong Password Generator.

  • Use a password sharing service to avoid relying on a single person, and document how other people can get access to the password. Do not share the password through email or chat.

  • Rotate the admin password periodically, if possible (at the time of writing, this process cannot be automated).

  • Avoid saving the admin password in your browser.
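
The provisioning recommendation above, sketched as an added example (not code from the Neptune DXP - Open Edition project). Only INITIAL_ADMIN_PASSWORD comes from this page; provision_instance is a hypothetical stand-in for whatever command starts your instance, and the other function names are assumptions.

```shell
#!/bin/sh
# Added example: generate a 25-character admin password, pass it to the
# provisioning step through INITIAL_ADMIN_PASSWORD, then leave no copy behind.

# Print LEN random characters (default 25) drawn from the kernel CSPRNG.
gen_password() {
    len="${1:-25}"
    # tr keeps or drops each random byte independently, so every character of
    # the 74-symbol alphabet is equally likely (no modulo bias).
    LC_ALL=C tr -dc 'A-Za-z0-9!#%+,./:=@_-' < /dev/urandom | head -c "$len"
}

# Hypothetical stand-in for the real start command (container run, service
# start, ...). It only checks that a 25-character value reached the child.
provision_instance() {
    pw_seen="${INITIAL_ADMIN_PASSWORD:-}"
    [ "${#pw_seen}" -eq 25 ]
}

# Succeeds only when the variable is absent from this shell's environment.
env_is_clean() {
    [ -z "${INITIAL_ADMIN_PASSWORD+set}" ]
}

provision_with_initial_password() {
    admin_pw="$(gen_password 25)"
    # Store "$admin_pw" in your password sharing service at this point,
    # before the local copy is dropped below.

    # The subshell scopes the exported variable to the provisioning step, so it
    # never enters the calling shell's environment or later child processes.
    ( export INITIAL_ADMIN_PASSWORD="$admin_pw"; provision_instance ) || return 1

    # The password is now saved in the instance database: unset every copy.
    unset admin_pw INITIAL_ADMIN_PASSWORD
    env_is_clean
}

provision_with_initial_password && echo "provisioned; environment is clean"
```

If the variable is set in a CI job, container definition or unit file rather than an interactive shell, remove it there as well once the first start has completed.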

User password

  • If possible, use an external identity provider to provision and authenticate users (both developers and end users). You can configure Neptune DXP - Open Edition to use external identity providers by following this guide.

  • If you don’t use an IDP, we recommend the following:

  • We recommend using a 14 character password.

  • Use a random password generator if possible, e.g. 1Password Strong Password Generator.

  • Rotate user passwords once a year.