From 824c26cd5ebf45ce3d33b5fd57063c693f1973d5 Mon Sep 17 00:00:00 2001
From: linoman <2051016+linoman@users.noreply.github.com>
Date: Fri, 1 Mar 2024 03:56:26 -0600
Subject: [PATCH] Password Policy: add documentation (#83208)

* add documentation

* Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana/index.md

---------

Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
---
 .../configure-authentication/grafana/index.md | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/docs/sources/setup-grafana/configure-security/configure-authentication/grafana/index.md b/docs/sources/setup-grafana/configure-security/configure-authentication/grafana/index.md
index 05db6153133..2b912ce8f8d 100644
--- a/docs/sources/setup-grafana/configure-security/configure-authentication/grafana/index.md
+++ b/docs/sources/setup-grafana/configure-security/configure-authentication/grafana/index.md
@@ -112,6 +112,27 @@ To disable basic auth:
 enabled = false
 ```
 
+### Strong password policy
+
+By default, the password policy for all basic auth users is set to a minimum of four characters. You can enable a stronger password policy with the `password_policy` configuration option.
+
+With the `password_policy` option enabled, new and updated passwords must meet the following criteria:
+
+- At least 12 characters
+- At least one uppercase letter
+- At least one lowercase letter
+- At least one number
+- At least one special character
+
+```bash
+[auth.basic]
+password_policy = true
+```
+
+{{% admonition type="note" %}}
+Existing passwords that don't comply with the new password policy will not be impacted until the user updates their password.
+{{% /admonition %}}
+
 ### Disable login form
 
 You can hide the Grafana login form using the below configuration settings.