Login and registration using passwords
The combination of identifier (username, email, phone number) and password is the oldest and most common way to authenticate users on the internet. Ory supports registering, importing, recovering, and changing passwords with industry best-practice security and password policies.
Try out the flow yourself at our password demo.
Disable passwords
To disable or enable passwords:
Do not disable the password strategy once you have users using this method in your system. They will not be able to sign in anymore and will need to recover their account.
Ory Console:
- Go to Authentication → General in the Ory Console
- Use the Enable Password Authentication toggle
Ory CLI (the command below enables the strategy; set the value to false to disable it):
ory patch identity-config "$PROJECT_ID" \
  --replace '/selfservice/methods/password/enabled=true'
Custom identity schema
When using a custom identity schema, make sure to mark the field that serves as the password identifier (username, email, phone number). To allow both the username and email address for signing in, define
{
  // ...
  "ory.sh/kratos": {
    "credentials": {
      "password": {
        "identifier": true
      }
    }
  }
}
for both username and email fields:
{
  "$id": "https://example.com/example.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "first_name": {
          "type": "string"
        },
        "email": {
          "type": "string",
          "format": "email",
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            }
          }
        },
        "username": {
          "type": "string",
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            }
          }
        }
      },
      "additionalProperties": false
    }
  }
}
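A pre-deployment check for a schema like the one above, as an added example that is not part of Ory's documentation or tooling: it walks the schema's properties, lists those carrying the password identifier marker, and compares them with the fields you intend to accept for sign-in. The function names and the sample schema (this page's schema with the marker left off username) are assumptions made for the illustration.

```python
import json

# Constructed sample: this page's schema with the marker left off "username".
SAMPLE_SCHEMA = json.loads("""
{
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "first_name": {"type": "string"},
        "email": {
          "type": "string",
          "format": "email",
          "ory.sh/kratos": {"credentials": {"password": {"identifier": true}}}
        },
        "username": {"type": "string"}
      }
    }
  }
}
""")


def password_identifiers(schema):
    """Return dotted paths of properties marked as password identifiers."""
    found = []

    def walk(node, path):
        if not isinstance(node, dict):
            return
        marker = node
        for key in ("ory.sh/kratos", "credentials", "password", "identifier"):
            marker = marker.get(key) if isinstance(marker, dict) else None
        if marker is True:
            found.append(".".join(path))
        props = node.get("properties")
        if isinstance(props, dict):
            for name, child in props.items():
                walk(child, path + [name])

    walk(schema, [])
    return found


def check_schema(schema, expected):
    """Report sign-in fields lacking the marker and marked fields nobody listed."""
    marked = set(password_identifiers(schema))
    wanted = set(expected)
    return {"missing": sorted(wanted - marked), "unexpected": sorted(marked - wanted)}
```

Running `check_schema` in CI against the list of intended sign-in fields catches both a forgotten marker and a trait that was marked as an identifier without being meant as one.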