Password reset: I can put a password without special characters


I have a weird behaviour on the password reset page:
The rule to make special characters required is activated, yet when I click on Forgot Password and fill a password, such as Test1234, in the tooltip, the special characters is not check, but I can still click on change password and it works, so now my user has a password without any special characters.

Thanks in advance for the help !

Hi @c.eraud,

Welcome to the Auth0 Community!

I understand you encountered problems with your password strength policy.

After looking closely at your screenshot and testing this locally myself, I noticed that the password policy is behaving as expected.

Note that the wording states "At least 3 of the following", which the password “Test1234” satisfies.

In this case, the provided password is allowed and complies with the password policy. I recommend checking out our Password Strength in Auth0 Database Connections documentation for more information.

Please let me know if you have any additional questions.


Hi @rueben.tiow ,

Thank you for the reply, indeed I didn’t see this, this solves my question.
Is there by any chance a simple way of making sure all the rules are checked ? I didn’t see it in the Password Policy of the database management.

Thank you,

1 Like

Hi @c.eraud,

Thank you for your response and feedback.

It looks like our Engineering team has this item backlogged to force special characters as part of the requirement for the password strength (4 of 4).

At this time, I’m unable to provide an ETA as to when this feature will be added, but once that happens, I will mention it on this thread.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.