# Setting your password policy

**Element name:** ⚙️ system\_password

{% hint style="info" %}
Setting your password policy in the admin portal will automatically update the password strength check throughout Canvas.&#x20;
{% endhint %}

The Canvas template includes a built-in password strength check UI during the signup flow and anywhere the user is required to reset their password. By default, the minimum acceptable password strength is **medium**.&#x20;

You can manage the requirements for your password policy directly from the Admin portal of your application. From the left menu click on Settings > Password policy.&#x20;

<img src="/files/noL61s8bxUlbgymh6tlW" alt="" width="375">

{% hint style="warning" %}
This Canvas feature uses Bubble's [password strength feature](https://manual.bubble.io/core-resources/elements/states#...s-password-strength) and not Bubble's built-in password policy feature (App Bubble editor > Settings tab > General tab > Privacy & Security section).&#x20;
{% endhint %}

### Password strength levels

The password strength is calculated using Bubble's algorithm, which broadly incorporates the number of characters, use of uppercase versus lowercase characters, and use of numbers versus special characters. In Canvas, we use this number to determine the password strength levels:

* **Very weak (0-19)**
  * Password length is less than 8 characters
  * No special character, number, or uppercase letter
  * Common words
* **Weak (20-59)**
  * Password longer than or equal to 8 in length
  * Password includes at least one special character, number, or uppercase letter
* **Medium (60-69)**
  * Password longer than or equal to 8 in length
  * Password includes at least two: special character, number, or uppercase letter
* **Strong (70-79)**
  * Password longer than or equal to 8 in length
  * Includes a combination of special characters, numbers, and uppercase letters
  * \*75=Google suggested passwords
* **Very strong (80-100)**
  * Password longer than or equal to 8 in length
  * Includes a combination of numbers and uppercase letters
  * Includes multiple special characters<br>

Here's the criteria Bubble uses to assess a password's strength:

* 35 for having a password longer than or equal to 8 in length
* 20 for having an uppercase letter
* 10 for a lowercase letter
* 10 for a number
* 25 for special characters/symbols (anything not alphanumberical)
* -100 for common passwords


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.airdev.co/canvas/canvas-functionality/miscellaneous/setting-your-password-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.