> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/identity-support/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/identity-support/user-guide/account-management/authentication/password-requirements-enforcement.md).

# Password requirements enforcement

**🚨 Prerequisite: Multi-Factor authentication (MFA)**

This document defines the **password requirements** enforced to protect Oten Accounts during **sign-up**, **password creation**, and **password updates**.

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

#### Purpose <a href="#purpose" id="purpose"></a>

This guide explains:

* What password rules are required
* Why these requirements exist
* How to create a strong and secure password

***

#### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before creating or updating a password:

* You must be signing up with email and password, or
* You are setting or updating a password after account creation

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

***

### 1. Minimum Password Requirements <a href="#id-1.-minimum-password-requirements" id="id-1.-minimum-password-requirements"></a>

To help protect your account, your password must meet **all** of the following requirements:

* Be **at least 8 characters long**
* Include **at least one uppercase letter** (A–Z)
* Include **at least one lowercase letter** (a–z)
* Include **at least one number** (0–9)
* Include **at least one special character**\
  (for example: `! @ # $ % ^ & *`)

Password validation is performed **in real time** and must pass before continuing.

***

### 2. Why These Requirements Matter <a href="#id-2.-why-these-requirements-matter" id="id-2.-why-these-requirements-matter"></a>

Using a strong password helps to:

* Prevent unauthorized access to your account
* Reduce the risk of brute-force attacks
* Protect against credential-stuffing attacks
* Keep your personal information secure

***

### 3. Examples <a href="#id-3.-examples" id="id-3.-examples"></a>

#### Valid Passwords <a href="#valid-passwords" id="valid-passwords"></a>

* `Secure@123`
* `MyPassw0rd!`
* `Login#2024`

***

#### Invalid Passwords <a href="#invalid-passwords" id="invalid-passwords"></a>

* `password`\
  \&#xNAN;*(Missing uppercase letter, number, and special character)*
* `Password`\
  \&#xNAN;*(Missing number and special character)*
* `Pass1234`\
  \&#xNAN;*(Missing special character)*
* `Ab@1`\
  \&#xNAN;*(Too short)*

***

### 4. Tips for Creating a Strong Password <a href="#id-4.-tips-for-creating-a-strong-password" id="id-4.-tips-for-creating-a-strong-password"></a>

* Avoid using personal information such as your name or email address
* Do not reuse passwords from other websites
* Consider using a password manager to generate and store strong passwords securely

***

### 5. Enforcement and Security Behavior <a href="#id-5.-enforcement-and-security-behavior" id="id-5.-enforcement-and-security-behavior"></a>

Password requirements are enforced during:

* **Sign up with Email and Password**
* **Password creation after Google sign-up**
* **Password reset (Forgot Password)**
* **Password change from Account Settings**

Additional security rules:

* Passwords are **case-sensitive**
* Passwords are **never stored in plain text**
* Secure hashing algorithms are used for password storage

***

### Additional notes <a href="#additional-notes" id="additional-notes"></a>

* You can change your password at any time from **Account Settings**
* If you forget your password, use the **Forgot Password** option to reset it
* Business accounts may apply stricter password policies

***

### Summary <a href="#summary" id="summary"></a>

* Strong password rules protect user accounts
* Requirements are enforced consistently across all flows
* Real-time validation improves usability and security
* Secure storage ensures passwords remain protected
