spec checked
OWASP Authentication Cheat Sheet password strength controls
Documents password strength controls including minimum length, at least 64 character maximum support, no silent truncation, all characters including Unicode and whitespace, no composition rules, password strength meters, breached-password blocking, and avoiding periodic password changes.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Password creation | Choose password creation when the user must choose or replace a reusable password, passphrase, or memorized secret. | Typing, paste, autofill, password-manager generation, deletion, and selection follow native input behavior. | OWASP supports length controls, no silent truncation, all characters, no composition rules, strength meters, breached-password blocking, and avoiding periodic changes. |
Evidence Role
This source is treated as spec evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: OWASP Cheat Sheet Series. Last checked: .