scott-r
commented
10 months ago Upon further experimentation, it appears that the rules are the same for new users and password changes: minimum length (8 chars?), 1 numeric char, 1 special char. Not sure if both upper and lower case are required. Can we check the user pool settings directly to verify what the requirements are?
Then it would be simple to add some text to the password change form to document the requirements.
We need to document what requirements are enforced for user passwords (e.g. minimum length, upper/lower case, numeric and special characters).
By experimentation, it's clear that passwords for newly created users have a minimum length. However, they do not have to contain a numeric character. When changing an existing password, at least one numeric character IS required.