2 files changed, 7 insertions, 2 deletions

diff --git a/develop/usage/configuration/config_documentation.html b/develop/usage/configuration/config_documentation.html

index 9e5e68d172..8f2ea3668e 100644
--- a/develop/usage/configuration/config_documentation.html
+++ b/develop/usage/configuration/config_documentation.html
@@ -2594,7 +2594,10 @@ validation will fail without configuring audiences.</li>
 <p>Use this setting to enable password-based logins. </p>
 <p>This setting has the following sub-options:</p>
 <ul>
-<li><code>enabled</code>: Defaults to true.</li>
+<li><code>enabled</code>: Defaults to true.
+Set to false to disable password authentication.
+Set to <code>only_for_reauth</code> to allow users with existing passwords to use them
+to log in and reauthenticate, whilst preventing new users from setting passwords.</li>
 <li><code>localdb_enabled</code>: Set to false to disable authentication against the local password
 database. This is ignored if <code>enabled</code> is false, and is only useful
 if you have other <code>password_providers</code>. Defaults to true. </li>
diff --git a/develop/usage/configuration/homeserver_sample_config.html b/develop/usage/configuration/homeserver_sample_config.html

index 40e5fc205d..5055a21f3e 100644
--- a/develop/usage/configuration/homeserver_sample_config.html
+++ b/develop/usage/configuration/homeserver_sample_config.html
@@ -2372,7 +2372,9 @@ sso:
 
 
 password_config:
-   # Uncomment to disable password login
+   # Uncomment to disable password login.
+   # Set to `only_for_reauth` to permit reauthentication for users that
+   # have passwords and are already logged in.
    #
    #enabled: false