# Password requirements enforcement

**🚨 Prerequisite: Multi-Factor authentication (MFA)**

This document defines the **password requirements** enforced to protect Personal Accounts during **sign-up**, **password creation**, and **password updates**.

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

#### Purpose <a href="#purpose" id="purpose"></a>

This guide explains:

* What password rules are required
* Why these requirements exist
* How to create a strong and secure password

***

#### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before creating or updating a password:

* You must be signing up with email and password, or
* You are setting or updating a password after account creation

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

***

### 1. Minimum Password Requirements <a href="#id-1.-minimum-password-requirements" id="id-1.-minimum-password-requirements"></a>

To help protect your account, your password must meet **all** of the following requirements:

* Be **at least 8 characters long**
* Include **at least one uppercase letter** (A–Z)
* Include **at least one lowercase letter** (a–z)
* Include **at least one number** (0–9)
* Include **at least one special character**\
  (for example: `! @ # $ % ^ & *`)

Password validation is performed **in real time** and must pass before continuing.

***

### 2. Why These Requirements Matter <a href="#id-2.-why-these-requirements-matter" id="id-2.-why-these-requirements-matter"></a>

Using a strong password helps to:

* Prevent unauthorized access to your account
* Reduce the risk of brute-force attacks
* Protect against credential-stuffing attacks
* Keep your personal information secure

***

### 3. Examples <a href="#id-3.-examples" id="id-3.-examples"></a>

#### Valid Passwords <a href="#valid-passwords" id="valid-passwords"></a>

* `Secure@123`
* `MyPassw0rd!`
* `Login#2024`

***

#### Invalid Passwords <a href="#invalid-passwords" id="invalid-passwords"></a>

* `password`\
  \&#xNAN;*(Missing uppercase letter, number, and special character)*
* `Password`\
  \&#xNAN;*(Missing number and special character)*
* `Pass1234`\
  \&#xNAN;*(Missing special character)*
* `Ab@1`\
  \&#xNAN;*(Too short)*

***

### 4. Tips for Creating a Strong Password <a href="#id-4.-tips-for-creating-a-strong-password" id="id-4.-tips-for-creating-a-strong-password"></a>

* Avoid using personal information such as your name or email address
* Do not reuse passwords from other websites
* Consider using a password manager to generate and store strong passwords securely

***

### 5. Enforcement and Security Behavior <a href="#id-5.-enforcement-and-security-behavior" id="id-5.-enforcement-and-security-behavior"></a>

Password requirements are enforced during:

* **Sign up with Email and Password**
* **Password creation after Google sign-up**
* **Password reset (Forgot Password)**
* **Password change from Account Settings**

Additional security rules:

* Passwords are **case-sensitive**
* Passwords are **never stored in plain text**
* Secure hashing algorithms are used for password storage

***

### Additional notes <a href="#additional-notes" id="additional-notes"></a>

* You can change your password at any time from **Account Settings**
* If you forget your password, use the **Forgot Password** option to reset it
* Business accounts may apply stricter password policies

***

### Summary <a href="#summary" id="summary"></a>

* Strong password rules protect user accounts
* Requirements are enforced consistently across all flows
* Real-time validation improves usability and security
* Secure storage ensures passwords remain protected


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://oten.gitbook.io/identity-support/user-guide/account-management/authentication/password-requirements-enforcement.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.