FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Are there any disallowed characters in passwords?

    Scheduled Pinned Locked Moved
    Q&A
    passwords
    2
    3
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      With FusionAuth passwords, are there any characters that are verboten? Like ! or " or \ or / ?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by

        There are no inherent limitations of password stored in FusionAuth.

        You can, however, choose to limit passwords using password rules. You can set these up at the Tenant level; look for the "Password settings" section under the "Password" tab.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        robotdanR 1 Reply Last reply Reply Quote 0
        • robotdanR
          robotdan @dan
          last edited by robotdan

          In the UI you can select "Special character" to require at least one special character. If anyone is looking to understand which characters will satisfy this requirement read on.

          If you view the tooltip or the API - you’ll see the configuration is actually for non-alpha-numeric.

          https://fusionauth.io/docs/v1/tech/apis/tenants#create-a-tenant

          tenant.passwordValidationRules.requireNonAlpha
          Whether to force the user to use at least one non-alphanumeric character.

          So instead of limiting this to a specific set of special characters, we allow it to be any character that is not a unicode alphabetic and not a digit. In this way, we do not artificially limit the entropy of the password by saying you must use one or more characters for a finite set of "special characters" as you may be used to seeing on some login forms.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post