 

Set Minimum Password Length Firebase Email & Password Authentication


When using Firebase's Email & Password setting it seems like there are no security constraints on the password.

For example I could create the following user:

firebaseRef.createUser({
    email: "[email protected]",
    password: "j"
});

I'd like to at least set a minimum password length. Does firebase provide a way to do this?

MrRoboto asked Mar 30 '16 19:03



2 Answers

A FirebaseAuthWeakPasswordException is thrown when using a weak password (less than 6 chars) to create a new account or to update an existing account's password. Use getReason() to get a message with the reason the validation failed that you can display to your users.

See https://firebase.google.com/docs/reference/android/com/google/firebase/auth/FirebaseAuthWeakPasswordException for more details.

Skoempie answered Oct 25 '22 09:10


There is currently no way to configure a minimum password length or strength for Firebase email+password Authentication.

You could build such a restriction into your app, but tech-savvy users can bypass that by calling the API. Or you could introduce an "isPasswordApproved" flag that only a server-side process can set, and then validate the password strength there. But neither of these sounds very appealing.

Frank van Puffelen answered Oct 25 '22 09:10
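
The server-side validation mentioned in the last answer, sketched as an added example that is not part of the original question or answers. The names `checkPasswordPolicy`, `createUserWithPolicy`, `MIN_LENGTH`, and the denylist are assumptions, and the injected `createUser` callback stands in for whatever trusted account-creation call the backend uses.

```javascript
// Added example: server-side password policy gate (all names are hypothetical).
const MIN_LENGTH = 12; // assumed policy value, not a Firebase setting
// Constructed sample denylist; a real deployment would load a larger list.
const COMMON = new Set(["password", "123456789012", "qwertyuiopas"]);

// Returns a list of policy violations; an empty list means the password passes.
function checkPasswordPolicy(email, password) {
  if (typeof password !== "string") return ["password must be a string"];
  const reasons = [];
  // Count Unicode code points, not UTF-16 units, so one emoji counts once.
  const length = Array.from(password.normalize("NFKC")).length;
  if (length < MIN_LENGTH) reasons.push(`shorter than ${MIN_LENGTH} characters`);
  const lowered = password.toLowerCase();
  if (COMMON.has(lowered)) reasons.push("on the common-password denylist");
  const localPart = String(email).split("@")[0].toLowerCase();
  if (localPart.length >= 3 && lowered.includes(localPart)) {
    reasons.push("contains the email local part");
  }
  return reasons;
}

// The check runs on the server, in front of the account-creation call, so a
// client that skips the app's own form validation is still held to the policy.
async function createUserWithPolicy(createUser, { email, password }) {
  const reasons = checkPasswordPolicy(email, password);
  if (reasons.length > 0) {
    return { ok: false, reasons }; // rejected before any account is created
  }
  const user = await createUser({ email, password });
  return { ok: true, uid: user.uid };
}
```

The same check in the client app only improves the user experience; the enforcement is the copy that runs where the user cannot skip it.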