Firebaseui-web: Set Minimum Password Length Firebase Email & Password Authentication

Created on 20 Dec 2019 · 8Comments · Source: firebase/firebaseui-web

Hi!

Currently, Firebase will through a FirebaseAuthWeakPasswordException if the password length is less that 6.

Could additional password rules be configured on the client side, for example if we would like to encore a minimum password length of 8 ? The IT Security team of a client is requesting this minimum password length.

The minimum password length or custom rules could be specified in Other config options...
ui.start('#firebaseui-auth-container', {
signInOptions: [
// List of OAuth providers supported.
...
firebase.auth.EmailAuthProvider.PROVIDER_ID
],
// Other config options...
});

Alternatives were discussed in this Stackoverflow thread, but none seems convincing,
https://stackoverflow.com/questions/36318198/set-minimum-password-length-firebase-email-password-authentication

Thanks for considering this enhancement or suggesting an alternative approach,
Elian

auth internal-bug-filed p2

Source

namsor

👍5

Most helpful comment

Hey @namsor, we may consider setting a client side enforcement in firebaseui via some regex. Though the risk is if the user cannot meet the regex requirements, we still need a custom error message to guide the user beyond just a message that the password is too weak.

What is the status on this guys?

mohiyuddinshaikh on 15 Feb 2021

👍5 👀4

All 8 comments

Hey @namsor, we may consider setting a client side enforcement in firebaseui via some regex. Though the risk is if the user cannot meet the regex requirements, we still need a custom error message to guide the user beyond just a message that the password is too weak.

bojeil-google on 20 Dec 2019

Thank you, yes. The custom error message could be passed along with the regexp.

namsor on 26 Dec 2019

I'm also interested - will the minimum password length be available for configuration?

nordknight on 13 Mar 2020

👍2

Also, please, don't forget about password recovery. Because it should have the same rule.

andrew-mikhailov-zfort on 1 Jun 2020

👍2

Hey @namsor, we may consider setting a client side enforcement in firebaseui via some regex. Though the risk is if the user cannot meet the regex requirements, we still need a custom error message to guide the user beyond just a message that the password is too weak.

What is the status on this guys?

mohiyuddinshaikh on 15 Feb 2021

👍5 👀4

Having some kind of built in mechanism to control password regex for firebase authentication would be amazing.

wildkatana on 7 Apr 2021

Please guys, develop this functionality. It could look somethings like these.

const rules = [ 
  {
    rule: "some regex",
    message: "My error message for this rule"
  },
  {
    rule: "some other regex",
    message: "My error message for this rule"
  },
  // ... more rules
];

await firebase.auth().enforcePasswordRules(rules);

luanlucho on 4 May 2021

👍1

Hi all, thanks for your input on this feature request! We are unable to promise any timeline for this, but if others also have this request, adding a +1 on this issue can help us prioritize adding this to the roadmap.

Internal tracking bug: b/188591575