search

firebase / firebaseui-web

FirebaseUI is an open-source JavaScript library for Web that provides simple, customizable UI bindings on top of Firebase SDKs to eliminate boilerplate code and promote best practices.
https://firebase.google.com/
Apache License 2.0
4.58k stars 1.06k forks source link

Set Minimum Password Length Firebase Email & Password Authentication #661

Closed namsor closed 1 year ago

namsor commented 4 years ago

Hi!

Currently, Firebase will through a FirebaseAuthWeakPasswordException if the password length is less that 6.

Could additional password rules be configured on the client side, for example if we would like to encore a minimum password length of 8 ? The IT Security team of a client is requesting this minimum password length.

The minimum password length or custom rules could be specified in Other config options...
ui.start('#firebaseui-auth-container', { signInOptions: [ // List of OAuth providers supported. ... firebase.auth.EmailAuthProvider.PROVIDER_ID ], // Other config options...
});

Alternatives were discussed in this Stackoverflow thread, but none seems convincing, https://stackoverflow.com/questions/36318198/set-minimum-password-length-firebase-email-password-authentication

Thanks for considering this enhancement or suggesting an alternative approach, Elian

bojeil-google commented 4 years ago

Hey @namsor, we may consider setting a client side enforcement in firebaseui via some regex. Though the risk is if the user cannot meet the regex requirements, we still need a custom error message to guide the user beyond just a message that the password is too weak.

namsor commented 4 years ago

Thank you, yes. The custom error message could be passed along with the regexp.

nordknight commented 4 years ago

I'm also interested - will the minimum password length be available for configuration?

andrew-mikhailov-zfort commented 4 years ago

Also, please, don't forget about password recovery. Because it should have the same rule.

mohiyuddinshaikh commented 3 years ago

Hey @namsor, we may consider setting a client side enforcement in firebaseui via some regex. Though the risk is if the user cannot meet the regex requirements, we still need a custom error message to guide the user beyond just a message that the password is too weak.

What is the status on this guys?

wilderuncat commented 3 years ago

Having some kind of built in mechanism to control password regex for firebase authentication would be amazing.

luanlucho commented 3 years ago

Please guys, develop this functionality. It could look somethings like these.

const rules = [ 
  {
    rule: "some regex",
    message: "My error message for this rule"
  },
  {
    rule: "some other regex",
    message: "My error message for this rule"
  },
  // ... more rules
];

await firebase.auth().enforcePasswordRules(rules);
weixifan commented 3 years ago

Hi all, thanks for your input on this feature request! We are unable to promise any timeline for this, but if others also have this request, adding a +1 on this issue can help us prioritize adding this to the roadmap.

Internal tracking bug: b/188591575

dangell7 commented 3 years ago

A merchant is blocking our registration because we cannot implement a stronger password requirement. I see the work arounds but it would be nice if this was implemented directly.

witalijx commented 3 years ago

+1 I need this too

matthieunelmes commented 2 years ago

+1

matas-itmoos commented 2 years ago

+1 as it sounds super basic and important

nenriquez commented 2 years ago

+1 please add minimum strength also

JoshMart commented 2 years ago

+1 6 characters is a very, very basic starting point for a password. Enabling additional rules around passwords would greatly increase peace of mind while using FirebaseUI.

welsh11 commented 2 years ago

+1

WONDERJEWEL commented 2 years ago

+1

turnonsc commented 2 years ago

+1

papmodern commented 2 years ago

+1

PolVales commented 2 years ago

+1

benhxy commented 2 years ago

+1

propkitty commented 2 years ago

The current problem of not being able to set a set of rules for passwords is a huge issue for Firebase as far as I'm concerned. We need to be able to program regex rules into FB for our apps.

+1

jjosenaldo commented 2 years ago

+1

fchu commented 2 years ago

+1

dov212 commented 2 years ago

+1

prameshj commented 2 years ago

This is currently implemented on the Google Cloud Identity Platform backend - https://cloud.google.com/identity-platform/docs/password-policy

hampak commented 2 years ago

+1

lowriwyllt commented 1 year ago

+1

opolo commented 1 year ago

+1

IliaRyzhkovPR commented 1 year ago

+1

kendra-human commented 1 year ago

+1

svetlana-mate commented 1 year ago

+1

rachelmyers commented 1 year ago

You can do this via the admin API: https://cloud.google.com/identity-platform/docs/password-policy. We don't have plans to add this to FirebaseUI, although I can imagine something like surfacing error messages being handy. Let us know what you need as you start using this.

smlima commented 1 year ago

Yeah, it would be nice to surface the error through FirebaseUI. We're using FirebaseUI for authentication , and we need to meet some minimum requirements in terms of security and password strength is one of those. So it would be nice to expose that error so that we can set the strength on identity platform , and then show the error on the mobile

I had open a request https://github.com/firebase/FirebaseUI-Android/issues/2128 but it didn't get any traction

dennisbcloud commented 10 months ago

+1