Password requirements
Summary
In our recent usability tests, we observed that some users struggled to generate a password that met GitLab's security requirements.
Today, we display errors or failures only after submission.
The only guideline currently given to the user is that it must be eight characters; however, many people ran into issues with using common phrases such as “password” or “12345678”. And as one user said, “It would be nice to know what's commonly used and what isn't.”
Solution
We should be changing the password input field for every instance of GitLab (.com and self-managed) as pointed out in #458441 (comment 1896743006).
Figma link has designs for all registrations.
We should tell the user about any password conditions at the start, which will ultimately help the user to create a more secure account.
Updated copy to replace "Minimum length is 8 characters":
• Must be between 8-128 characters
• Cannot use common phrases (e.g. “password”)
• Cannot include your name, username, or email
State | Mock |
---|---|
Password default text | ![]() |
Password error state | ![]() |
Password success state | ![]() |
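
The three rules in the updated copy, evaluated one at a time so each line of the requirements list can show the default, error or success state from the table. This is an added example, not GitLab's code: the function names, the short phrase list, substring matching and the three-character minimum for name fragments are all assumptions.

```javascript
// Added example: hypothetical helpers, not GitLab's implementation.
// Constructed sample list; a real deployment would load a much larger one.
const COMMON_PHRASES = ['password', '12345678', 'qwertyui', 'letmein1'];
const MIN_LENGTH = 8;
const MAX_LENGTH = 128;

// Collects lowercased identity fragments: name parts, username, email, email local part.
function personalTokens({ name = '', username = '', email = '' }) {
  const tokens = [...name.split(/\s+/), username, email, email.split('@')[0]];
  // Assumption: skip fragments under 3 characters so a two-letter name
  // does not reject nearly every password.
  return [...new Set(tokens.map((t) => t.toLowerCase()).filter((t) => t.length >= 3))];
}

// Evaluates each rule independently and returns 'default', 'error' or 'success' per rule.
function checkPassword(password, user = {}) {
  if (password.length === 0) {
    // Nothing typed yet: show the requirements without marking any as failed.
    return { length: 'default', common: 'default', personal: 'default' };
  }
  const lower = password.toLowerCase();
  // Choice made in this example: count code points, so an emoji is one character.
  const length = [...password].length;
  const state = (ok) => (ok ? 'success' : 'error');
  return {
    length: state(length >= MIN_LENGTH && length <= MAX_LENGTH),
    // Assumption: a common phrase anywhere in the password counts as a failure.
    common: state(!COMMON_PHRASES.some((p) => lower.includes(p))),
    personal: state(!personalTokens(user).some((t) => lower.includes(t))),
  };
}

// True only when every rule is in the success state.
function isAcceptable(password, user = {}) {
  return Object.values(checkPassword(password, user)).every((s) => s === 'success');
}
```

A check like this in the browser only drives the inline feedback; the same rules still have to be enforced on the server at submission.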