• Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
FusionAuth
  • Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login

Are there any disallowed characters in passwords?

Scheduled Pinned Locked Moved
Q&A
passwords
2
3
1.8k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    dan
    last edited by 26 Jun 2020, 01:20

    With FusionAuth passwords, are there any characters that are verboten? Like ! or " or \ or / ?

    --
    FusionAuth - Auth so modern you can download it.
    https://fusionauth.io

    1 Reply Last reply Reply Quote 0
    • D
      dan
      last edited by 26 Jun 2020, 01:21

      There are no inherent limitations of password stored in FusionAuth.

      You can, however, choose to limit passwords using password rules. You can set these up at the Tenant level; look for the "Password settings" section under the "Password" tab.

      --
      FusionAuth - Auth so modern you can download it.
      https://fusionauth.io

      R 1 Reply Last reply 9 Jan 2023, 18:30 Reply Quote 0
      • R
        robotdan @dan
        last edited by robotdan 1 Sept 2023, 18:31 9 Jan 2023, 18:30

        In the UI you can select "Special character" to require at least one special character. If anyone is looking to understand which characters will satisfy this requirement read on.

        If you view the tooltip or the API - you’ll see the configuration is actually for non-alpha-numeric.

        https://fusionauth.io/docs/v1/tech/apis/tenants#create-a-tenant

        tenant.passwordValidationRules.requireNonAlpha
        Whether to force the user to use at least one non-alphanumeric character.

        So instead of limiting this to a specific set of special characters, we allow it to be any character that is not a unicode alphabetic and not a digit. In this way, we do not artificially limit the entropy of the password by saying you must use one or more characters for a finite set of "special characters" as you may be used to seeing on some login forms.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post