The GitLab Docs website is now available in Japanese!

User passwords

  • Tier: Free, Premium, Ultimate
  • Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated

If you use a password to sign in to GitLab, a strong password is very important. A weak or guessable password makes it easier for unauthorized people to sign in to your account.

Some organizations require you to meet certain requirements when choosing a password.

Improve the security of your account with two-factor authentication.

Password requirements

Password requirements apply when you:

  • Choose a password during registration.
  • Reset your password.
  • Change your password.
  • Have an administrator create or update your account.

By default, GitLab enforces the following requirements:

  • Minimum password length: 8 characters.
  • Maximum password length: 128 characters.
  • Must not match a list of 4,500+ known, breached passwords.
  • Must not contain part of your name, username, or email address.
  • Must not contain a predictable word (for example, gitlab or devops).

On GitLab Self-Managed and GitLab Dedicated, administrators can configure:

Choose your password

You can choose a password when you create a user account.

If you register your account using an external authentication and authorization provider, you do not need to choose a password. GitLab sets a random, unique, and secure password for you.

Change your password

You can change your password. The new password must meet the password requirements.

To change your password:

  1. In the upper-right corner, select your avatar.
  2. Select Edit profile.
  3. On the left sidebar, select Password.
  4. In the Current password text box, enter your current password.
  5. In the New password and Password confirmation text box, enter your new password.
  6. Select Save password.

Reset your password

If you forget your password, you can submit a request to reset your password.

To reset your password:

  1. Go to the GitLab sign-in page.
    • On GitLab.com, this is available at https://gitlab.com/users/sign_in.
    • On GitLab Self-Managed and GitLab Dedicated, use your domain. For example, gitlab.example.com/users/sign_in.
  2. Select Forgot your password?.
  3. Enter your email.
  4. Select Reset password.

You are redirected to the sign-in page. If the provided email is verified and associated with an existing account, GitLab sends a password reset email.

Your account can have more than one verified email address, and any email address associated with your account can be verified. However, only the primary email address can be used to sign in once the password is reset.