Change Default MVC5 Password Complexity Requirements – Passwords must have at least one non letter or digit character. Passwords must have at least one digit (‘0’-‘9’). Passwords must have at least one uppercase (‘A’-‘Z’)

Hey everyone,

I’ve started on a new MVC5 project and came across the following error message while trying to register a new user:

Passwords must have at least one non letter or digit character.
Passwords must have at least one digit (‘0’-‘9’).
Passwords must have at least one uppercase (‘A’-‘Z’)

While having a secure password is obviously important, I felt that most users would probably find these requirements a little extreme. After a bit of Googling I came across a StackOverflow post that mentioned a config class that you can use to edit these settings:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
// App_Start > IdentityConfig.cs
 
...
 
// Configure validation logic for usernames
            manager.UserValidator = new UserValidator<ApplicationUser>(manager)
            {
                AllowOnlyAlphanumericUserNames = false,
                RequireUniqueEmail = true
            };
            // Configure validation logic for passwords
            manager.PasswordValidator = new PasswordValidator
            {
                RequiredLength = 6,
                RequireNonLetterOrDigit = true,
                RequireDigit = true,
                RequireLowercase = true,
                RequireUppercase = true,
            };
 
...

3 thoughts on “Change Default MVC5 Password Complexity Requirements – Passwords must have at least one non letter or digit character. Passwords must have at least one digit (‘0’-‘9’). Passwords must have at least one uppercase (‘A’-‘Z’)

  1. Anonymous

    thank you ! stupid MS for using these settings as default and there’s so many places to set password restrictions, I couldn’t find it until I found your post. thanks again.

    Reply
  2. Davide Bedin (@bedindavide)

    Thanks for the info.
    It seems like the StringLength attribute of property Identity.Models.RegisterViewModel.Password (in \Models\AccountViewModels.cs) overlaps the RequiredLength mentioned above, enforcing a MinimumLength:
    [StringLength(100, ErrorMessage = “The {0} must be at least {2} characters long.”, MinimumLength = 6)].
    So if you want to influence the password length (i.e. decrease to 5) you might have to modify both.
    I found a Q&A on SO that connected the dots for me: http://stackoverflow.com/questions/20953371/asp-net-identity-require-strong-passwords#comment40701479_25055885

    Reply

Leave a Reply