Password security

How does Modrinth determine whether a password is secure enough?

Written by Jai Agrawal
Updated over a week ago

Modrinth uses zxcvbn to judge password strength. Any password with a score lower than 3 out of 4 will be rejected. Besides the zxcvbn requirements, passwords must have a minimum length of 8 and a maximum length of 256. We do not require you to add numbers or symbols, though this is highly recommended. Any Unicode character is allowed — even emoji! Just make sure you have a way to type them.

We recommend Bitwarden for generating and storing passwords. Any password you are able to remember is unlikely to have optimal security.

Did this answer your question?