Local Authentication (MFA included)
Knocknoc supports local users in addition to SAML/LDAP.
Simply add a user, with a username and password. Then assign them to a group or link them within a Knoc.
This is helpful for casual users, as you can set an expiry. For example, if you have written a web application for a customer and want them to check out a demo version of it, you can quickly add a username and password for them and have it expire in a week.
MFA is supported (see 2FA checkbox) for local users, with Knocknoc issuing a TOTP QR code for consumption.
This provides your "local" users with MFA, with enforcement covered by your Knocknoc Administrators. No additional license is required.
Password complexity for local users
We use zxcvbn to improve password security right at creation time by measuring guessability, not just “complexity checkboxes”. It’s a strength estimator inspired by real password-cracking approaches, using pattern matching plus conservative guess estimates. Out of the box it can detect common weak constructions like dictionary words, names, and widely used passwords, as well as predictable patterns such as dates, repeats (“aaa”), sequences (“abcd”), keyboard walks (“qwerty”), and l33t substitutions (“P@ssw0rd”). This approach is aligned to NIST SP 800-63.
That means passwords that look complex but are still easy to guess get flagged, while longer, unique passphrases are not unfairly penalized - supporting modern guidance that favors length and usability over arbitrary composition rules.
Examples of the kind of passwords zxcvbn helps users move away from:
- P@ssw0rd1! (common base word + predictable substitution)
- Summer2025! (season + year pattern)
- Qwerty!234 (keyboard walk + sequence)
And toward a long, unique passphrase (e.g., multiple unrelated words, ideally generated/stored by a password manager).
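The contrast described above, as an added example that is not Knocknoc's or zxcvbn's own code: a checkbox composition policy accepts all three passwords listed, while a much-simplified pattern matcher flags each one. The word lists, function names and thresholds are assumptions made for illustration; the real zxcvbn uses large ranked dictionaries, keyboard adjacency graphs and guess-count estimates.

```python
import re

# Constructed sample data (assumption): real zxcvbn ships frequency-ranked
# dictionaries and keyboard adjacency graphs instead of these short lists.
COMMON_WORDS = {"password", "summer", "winter", "spring", "autumn", "welcome"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789"]
LEET = str.maketrans("@4031$5!", "aaoelssi")  # undo common substitutions


def passes_composition_rules(pw):
    """Classic checkbox policy: length >= 8 plus upper, lower, digit, symbol."""
    checks = [r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]"]
    return len(pw) >= 8 and all(re.search(c, pw) for c in checks)


def _has_run(text, lines, min_len):
    """True if text contains min_len consecutive characters of any line."""
    return any(line[i:i + min_len] in text
               for line in lines
               for i in range(len(line) - min_len + 1))


def find_patterns(pw):
    """Return the sorted names of guessable patterns found in pw."""
    lower = pw.lower()
    found = set()
    if any(w in lower for w in COMMON_WORDS):
        found.add("dictionary")
    elif any(w in lower.translate(LEET) for w in COMMON_WORDS):
        found.add("l33t")          # dictionary word hidden by substitutions
    if re.search(r"(19|20)\d\d", pw):
        found.add("year")
    if re.search(r"(.)\1\1", lower):
        found.add("repeat")        # same character three times in a row
    if _has_run(lower, KEYBOARD_ROWS, 4):
        found.add("keyboard")
    if _has_run(lower, SEQUENCES, 3):
        found.add("sequence")
    return sorted(found)


if __name__ == "__main__":
    # First three are the page's examples; the passphrase is constructed.
    for pw in ["P@ssw0rd1!", "Summer2025!", "Qwerty!234",
               "copper violin marsh lantern"]:
        print(pw, passes_composition_rules(pw), find_patterns(pw))
```

The constructed passphrase fails the checkbox policy (no uppercase, digit or symbol) yet triggers none of the patterns, which is the case a guessability-based estimator is meant to accept.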
Read more at the Dropbox article here.

