Change Default MVC5 Password Complexity Requirements – Passwords must have at least one non letter or digit character. Passwords must have at least one digit (‘0’-‘9’). Passwords must have at least one uppercase (‘A’-‘Z’)

Hey everyone,

I’ve started on a new MVC5 project and came across the following error message while trying to register a new user:

Passwords must have at least one non letter or digit character.
Passwords must have at least one digit (‘0’-‘9’).
Passwords must have at least one uppercase (‘A’-‘Z’)

While having a secure password is obviously important, I felt that most users would probably find these requirements a little extreme. After a bit of Googling I came across a StackOverflow post that mentioned a config class that you can use to edit these settings:

  1. // App_Start > IdentityConfig.cs
  2.  
  3. ...
  4.  
  5. // Configure validation logic for usernames
  6.             manager.UserValidator = new UserValidator<ApplicationUser>(manager)
  7.             {
  8.                 AllowOnlyAlphanumericUserNames = false,
  9.                 RequireUniqueEmail = true
  10.             };
  11.             // Configure validation logic for passwords
  12.             manager.PasswordValidator = new PasswordValidator
  13.             {
  14.                 RequiredLength = 6,
  15.                 RequireNonLetterOrDigit = true,
  16.                 RequireDigit = true,
  17.                 RequireLowercase = true,
  18.                 RequireUppercase = true,
  19.             };
  20.  
  21. ...

3 thoughts on “Change Default MVC5 Password Complexity Requirements – Passwords must have at least one non letter or digit character. Passwords must have at least one digit (‘0’-‘9’). Passwords must have at least one uppercase (‘A’-‘Z’)

  1. Anonymous

    thank you ! stupid MS for using these settings as default and there’s so many places to set password restrictions, I couldn’t find it until I found your post. thanks again.

    Reply
  2. Davide Bedin (@bedindavide)

    Thanks for the info.
    It seems like the StringLength attribute of property Identity.Models.RegisterViewModel.Password (in \Models\AccountViewModels.cs) overlaps the RequiredLength mentioned above, enforcing a MinimumLength:
    [StringLength(100, ErrorMessage = “The {0} must be at least {2} characters long.”, MinimumLength = 6)].
    So if you want to influence the password length (i.e. decrease to 5) you might have to modify both.
    I found a Q&A on SO that connected the dots for me: http://stackoverflow.com/questions/20953371/asp-net-identity-require-strong-passwords#comment40701479_25055885

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.