Setting your password policy
Was this helpful?
Was this helpful?
Element name: ⚙️ system_password
The Canvas template includes a built-in password strength check UI during the signup flow and anywhere the user is required to reset their password. By default, the minimum acceptable password strength is medium.
You can manage the requirements for your password policy directly from the Admin portal of your application. From the left menu click on Settings > Password policy.
The password strength is calculated using Bubble's algorithm, which broadly incorporates the number of characters, use of uppercase versus lowercase characters, and use of numbers versus special characters. In Canvas, we use this number to determine the password strength levels:
Very weak (0-19)
Password length is less than 8 characters
No special character, number, or uppercase letter
Common words
Weak (20-59)
Password longer than or equal to 8 in length
Password includes at least one special character, number, or uppercase letter
Medium (60-69)
Password longer than or equal to 8 in length
Password includes at least two: special character, number, or uppercase letter
Strong (70-79)
Password longer than or equal to 8 in length
Includes a combination of special characters, numbers, and uppercase letters
*75=Google suggested passwords
Very strong (80-100)
Password longer than or equal to 8 in length
Includes a combination of numbers and uppercase letters
Includes multiple special characters
Here's the criteria Bubble uses to assess a password's strength:
35 for having a password longer than or equal to 8 in length
20 for having an uppercase letter
10 for a lowercase letter
10 for a number
25 for special characters/symbols (anything not alphanumberical)
-100 for common passwords
This Canvas feature uses Bubble's and not Bubble's built-in password policy feature (App Bubble editor > Settings tab > General tab > Privacy & Security section).
