gitlab-org--gitlab-foss/doc/security/password_length_limits.md

2.9 KiB

type
reference, howto

Custom password length limits

By default, GitLab supports passwords with:

  • A minimum length of 8.
  • A maximum length of 128.

GitLab administrators can modify password lengths:

  • Using configuration file.
  • From GitLab 12.6, using the GitLab UI.

Modify maximum password length using configuration file

The user password length is set to a maximum of 128 characters by default. To change that for installations from source:

  1. Edit devise_password_length.rb:

    cd /home/git/gitlab
    sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
    sudo -u git -H editor config/initializers/devise_password_length.rb
    
  2. Change the new password length limits:

    config.password_length = 12..135
    

    In this example, the minimum length is 12 characters, and the maximum length is 135 characters.

  3. Restart GitLab for the changes to take effect.

NOTE: Note: From GitLab 12.6, the minimum password length set in this configuration file will be ignored. Minimum password lengths will now have to be modified via the GitLab UI instead.

Modify minimum password length using GitLab UI

Introduced in GitLab 12.6

The user password length is set to a minimum of 8 characters by default. To change that using GitLab UI:

In Admin Area > Settings (/admin/application_settings/general), go to the section Sign-up restrictions.

Minimum password length settings

Set the Minimum password length to a value greater than or equal to 8 and hit Save changes to save the changes.

CAUTION: Caution: Changing minimum or maximum limit does not affect existing user passwords in any manner. Existing users will not be asked to reset their password to adhere to the new limits. The new limit restriction will only apply during new user sign-ups and when an existing user performs a password reset.