Password restrictions

It is possible to enforce password restrictions on user accounts when using the native Overleaf login system for authentication.

It is not possible to enforce password restrictions for SSO (LDAP/SAML 2.0) logins. These must be configured in your Identity Provider (IdP).

To enforce password restrictions for native logins, set the relevant environment variables in the Toolkit's config/variables.env file.

Name – Description

OVERLEAF_PASSWORD_VALIDATION_MIN_LENGTH – The minimum length required. Default: 8

OVERLEAF_PASSWORD_VALIDATION_MAX_LENGTH – The maximum length allowed. Default: 72

OVERLEAF_PASSWORD_VALIDATION_PATTERN – Used to validate password strength:

  • abc123 – the password requires 3 letters and 3 numbers and must be at least 6 characters long

  • aA – the password requires lowercase and uppercase letters and must be 2 characters long

  • ab$3 – the password must contain letters, digits and symbols and be 4 characters long

  • There are 4 groups of characters: letters, UPPERcase letters, digits, symbols. Anything that is neither a letter nor a digit is considered a symbol.
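
To preview what a pattern would require before putting it in variables.env, the rules above can be modelled in a few lines. This is an added example, not Overleaf's own validation code: the function names are hypothetical, and it assumes ASCII character groups and that the stricter of the configured minimum length and the pattern's length applies.

```javascript
// Added example: a model of the pattern rules as this page describes them.
// It is NOT Overleaf's validation code; all function names are hypothetical.

// Assumption: ASCII a-z / A-Z / 0-9 form the three non-symbol groups;
// per the page, anything that is neither letter nor digit is a symbol.
function groupOf(ch) {
  if (ch >= 'a' && ch <= 'z') return 'letter'
  if (ch >= 'A' && ch <= 'Z') return 'uppercase'
  if (ch >= '0' && ch <= '9') return 'digit'
  return 'symbol'
}

function countGroups(text) {
  const counts = { letter: 0, uppercase: 0, digit: 0, symbol: 0 }
  for (const ch of text) counts[groupOf(ch)] += 1
  return counts
}

// "abc123" -> 3 letters, 3 digits, at least 6 characters.
function requirementsFromPattern(pattern) {
  return { minLength: [...pattern].length, groups: countGroups(pattern) }
}

// Returns a list of failed rules; an empty list means the password passes.
// Assumption: the stricter of MIN_LENGTH and the pattern's length applies.
function checkPassword(password, { pattern, minLength = 8, maxLength = 72 }) {
  const required = requirementsFromPattern(pattern)
  const present = countGroups(password)
  const length = [...password].length
  const floor = Math.max(minLength, required.minLength)
  const failures = []
  if (length < floor) failures.push(`shorter than ${floor} characters`)
  if (length > maxLength) failures.push(`longer than ${maxLength} characters`)
  for (const [group, needed] of Object.entries(required.groups)) {
    if (present[group] < needed) {
      failures.push(`needs ${needed} ${group} character(s), has ${present[group]}`)
    }
  }
  return failures
}

// Constructed sample policy and candidate passwords.
const policy = { pattern: 'aA$3', minLength: 12, maxLength: 72 }
for (const candidate of ['correcthorse', 'Correct-Horse-42']) {
  console.log(candidate, '=>', checkPassword(candidate, policy))
}
```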
