Auth0 Home Blog Docs

Special Characters ignored for Good Password Strength

  • Select Good Password Strength as Password Policy.
  • Type in: Ab123456
  • Password is accepted, though no special characters present
  • Why?!


:wave: @sw1

For Good Password Strength the requirement is to have at a minimum 3 of the 4 types of characters. The user does not have to have all 4.

In the example you provided you have 3/4. You have 1) a lower case letter, 2) an upper case letter, and 3) a number.


Ohh, didn’t recognize that hint! Thanks.
But this means there is no difference between Good and Fair setting! From the requirements description it’s very easy to overlook that only 3 of 4 types are required, and it is also a little inconsistent because on every character entry the points are marked as fulfilled, so one would expect that special characters should be present.

My feedback as user :slight_smile: