Changing password validation rules

Can someone point me to information on how I can customize password validation rules that are applied when creating an account or changing the password of an existing account? I understand the default is to just require at least six of any character.

Have you looked into Accounts.validateNewUser ?

It appears that can only be called on the server. But I don’t see how that makes sense since I want to stop the user for using a bad password before it is submitted to the server. If I try to call Accounts.validateNewUser on the client, it says “Accounts.validateNewUser is not a function”.

Hi @mvolkmann and welcome to the forums. Here’s the full documentation on how to customise the accounts core package:

It also contains examples on how to enforce custom password complexity.

Edit: here’s an example of reconfiguring the password field using a custom regex and min length:

Thanks @illustreets! What package do I import “AccountsTemplates” from? I don’t see that in the guide. Do I need to install a new package?

Check out this thread on stackoverflow. If you use the Blaze package accounts-ui the solution could be easy

It’s useraccounts:core, as per here:

I have the accounts-ui and accounts-password packages added to my project.
Do I need to also add another package to have access to useraccounts:core?

I entered “meteor add useraccounts:core”, but after just installing that and not changing any code, I can no longer create accounts. It says “Signups forbidden” in red. Entering “meteor remove useraccounts:core” restores the ability to create accounts. There must be something extra I need to do after adding that package so I can still create accounts.

The useraccounts:core package has documentation on all the necessary configuration. Can’t remember from the top of my head, but there is a property which stops user registration. Possibly, it’s enabled by default. Please follow the docs.