The Canvas template includes a built-in password strength check UI during the signup flow and anywhere the user is required to reset their password. By default, the minimum acceptable password strength is medium.

You can manage the requirements for your password policy directly from the Admin portal of your application. From the left menu click on Settings > Password policy.

Password strength levels

The password strength is calculated using Bubble's algorithm, which broadly incorporates the number of characters, use of uppercase versus lowercase characters, and use of numbers versus special characters. In Canvas, we use this number to determine the password strength levels:

• Very weak (0-19)

  • Password length is less than 8 characters

  • No special character, number, or uppercase letter

  • Common words

• Weak (20-59)

  • Password longer than or equal to 8 in length

  • Password includes at least one special character, number, or uppercase letter

• Medium (60-69)

  • Password longer than or equal to 8 in length

  • Password includes at least two: special character, number, or uppercase letter

• Strong (70-79)

  • Password longer than or equal to 8 in length

  • Includes a combination of special characters, numbers, and uppercase letters

  • *75=Google suggested passwords

• Very strong (80-100)

  • Password longer than or equal to 8 in length

  • Includes a combination of numbers and uppercase letters

  • Includes multiple special characters

Here's the criteria Bubble uses to assess a password's strength:

• 35 for having a password longer than or equal to 8 in length

• 20 for having an uppercase letter

• 10 for a lowercase letter

• 10 for a number

• 25 for special characters/symbols (anything not alphanumberical)

• -100 for common passwords