Enforcing Password Complexity in Useraccounts

Good morning all,

I am using meteor-useraccounts for user account functionality. So far it works great, however I need to enforce password complexity specifically on the reset password screen (after the user clicks the email link). Is there a way to hook that functionality conveniently that anyone knows of?

Users cannot register for this service, so enforcing it when an admin creates the account is easy, but it's meaningless if the user can just send a forgotten password request and bypass it.

Many thanks!

Did you discover a solution to enforce a password complexity check?

I too need to address this, not just on new user creation but on existing user password reset.

You might want to start with enforcing your password requirements on the client. Then, on the server you could probably use the Accounts.onCreateUser API to verify that the password meets those requirements.

As @msavin suggested, enforcing client-side requirements is a good start. For that, we’ve found this package to be very helpful in evaluation and providing suggestions.

For sure, just do this on server-side registration. Do all your checks and pass back some JSON.

{status: false, reason: "Password too short"}
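
Added example, not part of any post in this thread: one policy function that can be called from the client form and from every server path that sets a password (admin creation and reset alike), returning the {status, reason} shape from the last reply. The function name, thresholds and denylist entries are assumptions, and it assumes the caller has the plaintext candidate password at the point of the check.

```javascript
// Added example: shared password policy check. All names and values here
// are hypothetical; none of them come from meteor-useraccounts.
const MIN_LENGTH = 12;   // assumed policy value
const MAX_LENGTH = 128;  // assumed upper bound to cap hashing cost
const MIN_CLASSES = 3;   // out of: lower, upper, digit, symbol
// Constructed sample denylist; a real deployment would load a larger list.
const DENYLIST = new Set(['password1234!', 'qwertyuiop12', 'letmein12345']);

function checkPasswordPolicy(password, context = {}) {
  const fail = (reason) => ({ status: false, reason });

  if (typeof password !== 'string') return fail('Password must be a string');
  if (password.length < MIN_LENGTH) return fail('Password too short');
  if (password.length > MAX_LENGTH) return fail('Password too long');

  const lowered = password.toLowerCase();
  if (DENYLIST.has(lowered)) return fail('Password is too common');

  // Four or more of the same character in a row (e.g. "aaaa").
  if (/(.)\1{3,}/.test(password)) {
    return fail('Password repeats a character too often');
  }

  // Reject passwords built around the account's own identifiers.
  const words = [context.username, (context.email || '').split('@')[0]]
    .filter((w) => typeof w === 'string' && w.length >= 3)
    .map((w) => w.toLowerCase());
  if (words.some((w) => lowered.includes(w))) {
    return fail('Password contains account name');
  }

  // Count how many character classes appear at least once.
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
  if (classes < MIN_CLASSES) return fail('Password needs more character types');

  return { status: true, reason: null };
}
```

Calling the same function on the reset path as on account creation is what closes the bypass described in the original question; a client-only check can be skipped by anyone who calls the server directly.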