Password Security

Beta License: LGPL-3 OCA/server-auth Translate me on Weblate Try me on Runbot

This module allows admin to set company-level password security requirements and enforces them on the user.

It contains features such as

  • Password expiration days
  • Password length requirement
  • Password minimum number of lowercase letters
  • Password minimum number of uppercase letters
  • Password minimum number of numbers
  • Password minimum number of special characters
  • Password strength estimation

Table of contents


Navigate to General Settings under Configuration Scroll down to the Password Policy section Set the policies to your liking.

Password complexity requirements will be enforced upon next password change for any user in that company.

Settings & Defaults

These are defined at the company level:

Name Default Description
password_expiration 60 Days until passwords expire
password_length 12 Minimum number of characters in password
password_lower 0 Minimum number of lowercase letter in password
password_upper 0 Minimum number of uppercase letters in password
password_numeric 0 Minimum number of number in password
password_special 0 Minimum number of unique special character in password
password_history 30 Disallow reuse of this many previous passwords
password_minimum 24 Amount of hours that must pass until another reset
password_estimate 3 Required score for the strength estimation.


Configure using above instructions for each company that should have password security mandates.

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us smashing it by providing a detailed and welcomed feedback.

Do not contact contributors directly about support or help with technical issues.



  • LasLabs
  • Kaushal Prajapati
  • Tecnativa
  • initOS GmbH



This module is maintained by the OCA.

Odoo Community Association

OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.

This module is part of the OCA/server-auth project on GitHub.

You are welcome to contribute. To learn how please visit

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author, please use the developer contact information. They can usually be found in the description.
Please choose a rating from 1 to 5 for this module.
How to fix this error?
Diether Manalo
on 8/15/20, 3:38 AM

File "c:\program files (x86)\odoo 12.0\server\odoo\addons\password_security\models\", line 89, in get_estimation return zxcvbn.zxcvbn(password) AttributeError: module 'zxcvbn' has no attribute 'zxcvbn' This pop-out after i change password

Odoo13 Module
Kaja Mydeen
on 3/30/20, 11:53 AM

Hi Team, This module works good. We would like to have a odoo13 module. Let us know the module availability for Odoo13. Thanks.

dion arya pamungkas
on 10/20/19, 9:10 PM

i have installed this module, when we set the minimum number of character = 4, when the password expired its says need 12 characters, is the number on setting not function?