Passwords longer than 128 characters should be rejected Passwords longer than 128 characters should be rejected https://liferay.dev/c/message_boards/find_thread?p_l_id=119785294&threadId=122336595 2026-05-13T06:56:52Z 2026-05-13T06:56:52Z RE: RE: Passwords longer than 128 characters should be rejected Václav Suchánek https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=122359349 2024-01-26T10:43:22Z 2024-01-26T10:43:21Z <p>Thank you, Zsigmond.</p> Václav Suchánek 2024-01-26T10:43:21Z RE: RE: Passwords longer than 128 characters should be rejected Zsigmond Rab https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=122354143 2024-01-23T10:38:58Z 2024-01-23T10:38:57Z <p>Hi Václav,</p> <p>Watch <a href="https://liferay.atlassian.net/browse/LPD-15194">https://liferay.atlassian.net/browse/LPD-15194</a>.</p> <p>Regards,<br> Zsigmond</p> Zsigmond Rab 2024-01-23T10:38:57Z RE: RE: Passwords longer than 128 characters should be rejected Václav Suchánek https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=122346108 2024-01-18T11:02:55Z 2024-01-18T11:02:55Z <p>Hello Zsigmond,</p> <p>Yes, you are right. For sure we can limit the length of the password with regex (portal properties). But what if we don't want to use a regex because of the following issue:<br> <a href="https://liferay.atlassian.net/browse/LPS-152747">https://liferay.atlassian.net/browse/LPS-152747</a> <br> In the end, we have to establish a very complex regex pattern that follows all our password policies.</p> <p>Regards,<br> Václav</p> Václav Suchánek 2024-01-18T11:02:55Z RE: Passwords longer than 128 characters should be rejected Zsigmond Rab https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=122341524 2024-01-16T08:17:58Z 2024-01-16T08:17:57Z <p>Hi Václav,</p> <p>I believe this can be done with password policies. There you can set a Minimum Length and you can even define a Regular Expression to validate the passwords.</p> <p>Regards,<br> Zsigmond</p> Zsigmond Rab 2024-01-16T08:17:57Z Passwords longer than 128 characters should be rejected Václav Suchánek https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=122336594 2024-01-12T08:22:11Z 2024-01-12T08:22:09Z <p>See ASVS v4.0.3, section 2.1.2:</p> <p>Verify that passwords of at least 64 characters are permitted, and that passwords of more than 128 characters are denied.</p> Václav Suchánek 2024-01-12T08:22:09Z