Open jdalegonzalez opened 7 years ago
Thank you for your feedback. I will add a +1 on the internal feature request for changing the characters allowed in passwords.
This is important for us too. We're considering using Cognito for a health-related app.
Is there a recommended way to use a custom password complexity checker? We're considering: https://github.com/dropbox/zxcvbn
Instead of calling Cognito directly, you can call a signup endpoint mapped to a Lambda that does the validation and creates the Cognito user using the SDK.
Apart from the particularly tricky bits, like testing all password creation attempts against a table of commonly guessable passwords, the guidelines say that all printable characters, including spaces, emojis, etc., need to be allowed.
https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/
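A sketch of the validation step discussed in this thread (a signup handler in front of Cognito that checks a blocklist while accepting spaces and emoji), added here as an example and not code from any commenter or from AWS. The blocklist entries, the minimum length of 8 and the `create_user` callable (a hypothetical wrapper around the Cognito SDK sign-up call) are assumptions.

```python
import unicodedata

# Constructed sample; a real deployment would load a large list of
# commonly guessed or breached passwords.
COMMON_PASSWORDS = {"password", "123456789", "qwertyuiop", "letmein123"}
MIN_LENGTH = 8  # assumption for this example


def check_password(password, blocklist=COMMON_PASSWORDS, min_length=MIN_LENGTH):
    """Return a list of rejection reasons; an empty list means accepted."""
    reasons = []
    # Normalize so visually identical inputs compare equal to blocklist entries.
    normalized = unicodedata.normalize("NFKC", password)
    # Length is counted in Unicode code points, so an emoji counts as one.
    if len(normalized) < min_length:
        reasons.append("too_short")
    # Only control characters (category Cc) are refused. Spaces, punctuation,
    # non-Latin letters and emoji are all accepted.
    if any(unicodedata.category(ch) == "Cc" for ch in normalized):
        reasons.append("control_character")
    # Case-insensitive match against the commonly guessed passwords.
    if normalized.casefold() in blocklist:
        reasons.append("common_password")
    return reasons


def handle_signup(event, create_user):
    """Lambda-style handler: validate first, then create the user.

    create_user is a hypothetical callable (username, password) that would
    wrap the Cognito SDK call in a real deployment.
    """
    username = event.get("username", "")
    password = event.get("password", "")
    if not username:
        return {"statusCode": 400, "reasons": ["missing_username"]}
    reasons = check_password(password)
    if reasons:
        # The user is never created when validation fails.
        return {"statusCode": 400, "reasons": reasons}
    create_user(username, password)
    return {"statusCode": 201, "reasons": []}
```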