
Login and registration using passwords

The combination of identifier (username, email, phone number) and password is the oldest and most common way to authenticate users on the internet. Ory supports registering, importing, recovering, and changing passwords with industry best-practice security and password policies.

Try out the flow yourself at our password demo.

Disable passwords

To disable or enable passwords:

Note: Do not disable the password strategy once you have users using this method in your system. They will not be able to sign in anymore and will need to recover their account.

  1. Go to Authentication → Registration in the Ory Console
  2. Use the Enable Password Authentication toggle

Custom identity schema

When using a custom identity schema, make sure to mark the field which is the password identifier (username, email, phone number). To allow both the username and email address for signing in, define

{
  // ...
  "ory.sh/kratos": {
    "credentials": {
      "password": {
        "identifier": true
      }
    }
  }
}

for both username and email fields:

{
  "$id": "https://example.com/example.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "first_name": {
          "type": "string"
        },
        "email": {
          "type": "string",
          "format": "email",
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            }
          }
        },
        "username": {
          "type": "string",
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            }
          }
        }
      },
      "additionalProperties": false
    }
  }
}
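
A pre-deployment check for the rule above, as an added example that is not part of the Ory documentation or Ory's code: it walks an identity schema and reports which fields carry the password `identifier: true` flag and which expected login fields lack it. The function names and the sample schema (this page's schema with the flag left off `username`) are constructed for illustration.

```python
import json

KRATOS_EXT = "ory.sh/kratos"

# Constructed sample: the schema shape from this page, but with the
# identifier flag left off "username" to show what the check reports.
SAMPLE_SCHEMA = json.loads("""
{
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "first_name": {"type": "string"},
        "email": {
          "type": "string",
          "ory.sh/kratos": {"credentials": {"password": {"identifier": true}}}
        },
        "username": {"type": "string"}
      }
    }
  }
}
""")

def _dig(node, *keys):
    """Follow keys through nested dicts; return None if any level is missing."""
    for key in keys:
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node

def password_identifiers(schema, path=()):
    """Return dotted paths of fields flagged as password identifiers."""
    found = []
    if _dig(schema, KRATOS_EXT, "credentials", "password", "identifier") is True:
        found.append(".".join(path))
    props = _dig(schema, "properties")
    for name, child in (props.items() if isinstance(props, dict) else ()):
        found.extend(password_identifiers(child, path + (name,)))
    return found

def missing_identifiers(schema, expected):
    """Return the expected login fields that lack the identifier flag."""
    return sorted(set(expected) - set(password_identifiers(schema)))

if __name__ == "__main__":
    wanted = ["traits.email", "traits.username"]
    print(password_identifiers(SAMPLE_SCHEMA), missing_identifiers(SAMPLE_SCHEMA, wanted))
```

An empty result from `password_identifiers` means no field is marked as a password identifier in the schema.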