What password requirements exist for new users?

Question

My site contains a front-end registration form. New users will be automatically activated, and can begin using their account immediately.

What password requirements exist?

I vaguely remember a 6-character minimum... Is that accurate, and are there any other requirements to be aware of?

Brad Bell · Accepted Answer · 2017-08-08T18:40:29.733

7

Craft 2:

By default Craft enforces a 6 character minimum as the only password requirement, but as of Craft 2.3, a plugin can now listen for the users.onBeforeSetPassword event to enforce any password requirements it wants for newly set/changed passwords and set $performAction = false to cancel the action with any validation errors returned on the UserModel.

Craft 3:

This has changed quite a bit for Craft 3... here is how you would pull it off:

use craft\elements\User;
use yii\base\Event;
use yii\base\ModelEvent;

Event::on(User::class, User::EVENT_BEFORE_VALIDATE, function(ModelEvent $event) {
    /** @var User $user */
    $user = $event->sender;

    if ($user->newPassword !== null) {
        $validates = $this->validateNewPassword($user->newPassword);

        if (!$validates) {
            $user->addError('newPassword', Craft::t('plugin-handle', 'Invalid password'));
            $event->isValid = false;
        }
    }
});

edited Aug 08 '17 at 18:40

answered Oct 09 '14 at 22:54

Brad Bell

67,440
6
73
143

Glad to hear we'll be able to customize this more in the future! – Ben Parizek Nov 14 '14 at 00:53
Has this changed at all in the past year? We would like to define password requirements that would apply everywhere (new user front-end registration, front-end password update form, email reset link) – John O Nov 09 '15 at 20:19
@JohnO Indeed... updated answer. – Brad Bell Nov 09 '15 at 21:05
Awesome, thank you! – John O Nov 09 '15 at 22:45

What password requirements exist for new users?

1 Answers1

Linked