diff --git a/topics/authentication/password-policies.adoc b/topics/authentication/password-policies.adoc index 36deaeda26..8d9c405991 100644 --- a/topics/authentication/password-policies.adoc +++ b/topics/authentication/password-policies.adoc @@ -35,7 +35,7 @@ HashAlgorithm:: on how to plug in your own algorithm. Note that if you do change the algorithm, password hashes will not change in storage until the next time the user logs in. HashIterations:: - This value specifies the number of times a password will be hashed before it is stored or verified. The default value is 1. + This value specifies the number of times a password will be hashed before it is stored or verified. The default value is 20,000. This hashing is done in the rare case that a hacker gets access to your password database. Once they have the database they can reverse engineer user passwords. The industry recommended value for this parameter changes every year as CPU power improves. The current recommended value
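Review bot: The changed HashIterations sentence ("The default value is 20,000.") does not say what happens to password hashes already stored under the previous default of 1. The HashAlgorithm entry in the leading context notes that hashes "will not change in storage until the next time the user logs in"; add the equivalent statement here so administrators know whether existing accounts stay at the old iteration count after the default changes. The trailing context goes on to state "The current recommended value", so check that the figure given there still reads consistently next to a default of 20,000. The visible diff touches only password-policies.adoc, so confirm that the default in the code matches the documented number.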