We currently don't do a great job of explaining any password restrictions. We currently enforce a basic 8 character password limit, we never display this anywhere and only inform the user AFTER they have submitted their password # Proposal * We should display the password rules to the user when setting or resetting a password * We should prevent submitting an invalid password * We should display a password strength indicator when setting a password * This should apply to initial setup of users and admins as well as changing passwords # Related issues Additional Password Complexity: https://gitlab.com/gitlab-org/gitlab-ce/issues/33855