Password requirements enforcement

🚨 Prerequisite: Multi-Factor authentication (MFA)

This document defines the password requirements enforced to protect Personal Accounts during sign-up, password creation, and password updates.

I am new. Where should I start?

Purpose

This guide explains:

  • What password rules are required

  • Why these requirements exist

  • How to create a strong and secure password

Prerequisites

Before creating or updating a password:

  • You must be signing up with email and password, or

  • You are setting or updating a password after account creation

I already understand. How do I proceed step by step?

1. Minimum Password Requirements

To help protect your account, your password must meet all of the following requirements:

  • Be at least 8 characters long

  • Include at least one uppercase letter (A–Z)

  • Include at least one lowercase letter (a–z)

  • Include at least one number (0–9)

  • Include at least one special character (for example: ! @ # $ % ^ & *)

Password validation is performed in real time and must pass before continuing.

2. Why These Requirements Matter

Using a strong password helps to:

  • Prevent unauthorized access to your account

  • Reduce the risk of brute-force attacks

  • Protect against credential-stuffing attacks

  • Keep your personal information secure

3. Examples

Valid Passwords

  • Secure@123

  • MyPassw0rd!

  • Login#2024

Invalid Passwords

  • password (Missing uppercase letter, number, and special character)

  • Password (Missing number and special character)

  • Pass1234 (Missing special character)

  • Ab@1 (Too short)

4. Tips for Creating a Strong Password

  • Avoid using personal information such as your name or email address

  • Do not reuse passwords from other websites

  • Consider using a password manager to generate and store strong passwords securely

5. Enforcement and Security Behavior

Password requirements are enforced during:

  • Sign up with Email and Password

  • Password creation after Google sign-up

  • Password reset (Forgot Password)

  • Password change from Account Settings

Additional security rules:

  • Passwords are case-sensitive

  • Passwords are never stored in plain text

  • Secure hashing algorithms are used for password storage

Additional notes

  • You can change your password at any time from Account Settings

  • If you forget your password, use the Forgot Password option to reset it

  • Business accounts may apply stricter password policies

Summary

  • Strong password rules protect user accounts

  • Requirements are enforced consistently across all flows

  • Real-time validation improves usability and security

  • Secure storage ensures passwords remain protected

PreviousGoogle OIDC: Sign in to Google via OtenNextSecure password hashing and storage

Last updated