Password requirements for accounts in Netlify Identity

I’ve looked through the docs for Netlify Identity and didn’t see any mention of how to set password requirements for accounts created via email and password. This is a problem for me because Netlify Identity accepts passwords that are only one character in length, which is quite shocking!

According to this bug report, the issue of setting password requirements has been unsolved since 2018. Could someone at Netlify please let me know whether this is in fact a current limitation with Netlify Identity?

The short version of the answer is, yes, this is still a limitation if you see it as one. Netlify Identity allows the devs to implement their own auth system, so you can configure your front-end to accept a specific type of input.

There are two things at play here:

  1. Netlify Identity Widget: It’s a simple React app that allows you to connect to Netlify Identity for your site. It’s not a requirement to use this widget to use Identity.

  2. Netlify Identity: This is the actual service that’s handling authentication and it’s the only thing that’s required.

You can create your own widget in which you can add any kind of password requirements. However, the Netlify Identity service doesn’t enforce any requirements by itself. So, everyone who signs up using your front-end should see the error if you use your custom widget; however, if someone tries to inspect the API request from dev tools and sends a request, that would work fine.

Wow. Big limitation.