Young hacker smiling

We hack your software

zero false positives

Expert intelligence + effective automation

REQ.133 Passwords with at least 20 characters

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of defining passphrases with at least 4 words to improve credentials security


System passwords must be at least 20 characters long.


  1. OWASP-ASVS v3.1-2.7 Verify password entry fields allow, or encourage, the use of passphrases, and do not prevent long passphrases or highly complex passwords being entered.

  2. OWASP-ASVS v3.1-2.27 Verify that measures are in place to block the use of commonly chosen passwords and weak pass-phrases.

Service status - Terms of Use