Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

REQ.133 Passwords with at least 20 characters

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of defining secure passwords of at least 20 characters long.


System passwords must be at least 20 characters long.


  1. OWASP-ASVS v3.1-2.7 Verify password entry fields allow, or encourage, the use of passphrases, and do not prevent long passphrases or highly complex passwords being entered.

  2. OWASP-ASVS v3.1-2.27 Verify that measures are in place to block the use of commonly chosen passwords and weak pass-phrases.

Service status - Terms of Use