Custom password length limits

By default, GitLab supports passwords with:

  • A minimum length of 8.
  • A maximum length of 128.

GitLab administrators can modify password lengths:

  • Using the GitLab UI. From GitLab 12.6 this is the only available option.
  • Using configuration file. Up to GitLab 12.5.

Changing the minimum or maximum length does not affect existing user passwords. Existing users are not asked to reset their password to adhere to the new limits. The new limit restriction applies only during new user sign-ups and when an existing user performs a password reset.

Modify minimum password length using GitLab UI

Introduced in GitLab 12.6

The user password length is set to a minimum of 8 characters by default.

To change the minimum password length using GitLab UI:

  1. Go to Admin Area > Settings, then select Sign-up restrictions.

    Minimum password length settings

  2. Input a Minimum password length value greater than or equal to 8, then select Save changes.

Modify maximum password length using configuration file

From GitLab 12.6, the minimum password length set in this configuration file is ignored. Minimum password lengths must instead be modified via the GitLab UI.

The user password length is set to a maximum of 128 characters by default. To change that for installations from source:

  1. Edit devise_password_length.rb:

    cd /home/git/gitlab
    sudo -u git -H cp config/initializers/devise_password_length.rb.example config/initializers/devise_password_length.rb
    sudo -u git -H editor config/initializers/devise_password_length.rb
    
  2. Change the new password length limits:

    config.password_length = 12..135
    

    In this example, the minimum length is 12 characters, and the maximum length is 135 characters.

  3. Restart GitLab for the changes to take effect.