Changes to minimum password length for Google Apps accounts

Tuesday, March 1, 2011 | 9:46 PM

Labels:

As part of our continuous efforts to help our users protect their information, we recently launched 2-step verification for all Google accounts. Starting March 14, we will also increase the minimum password length requirement for Google Apps accounts from 6 characters to 8.

This new policy aligns Google Apps accounts with consumer accounts that already require passwords to be at least 8 characters long.

Existing users can keep their current password even if it doesn’t match the new security requirements, but they will be required to comply when changing their password for the first time. Administrators will also need to comply when resetting passwords for users.

With this change, passwords set via the Google Apps Control Panel from March 14 will need to be at least 8 characters long. Calls to the Provisioning API that try to set a user's password that is shorter than 8 characters will also fail with an InvalidPassword error message. For more information on how to programmatically manage user accounts, please check the Provisioning API Developer’s Guide.

Want to weigh in on this topic? Discuss on Buzz

10 comments:

Sanjoy said...

Salute to Google team, your 24x7 efforts and contribution in Web, make life Simple and time saving for people all around the World. I am exited about 14th March, 2011. What changes shall implement by Google? What type of impact, it make in the World of Web? I am very much exited. Now wait and see...

foreverwar said...

This is going to cause my institution a major headache, as we have 30k students using GApps/GMail, and their Google password is synced with their application systems passwords in a single sign-on system (making it simpler/easier for the students).

Some of our legacy systems only support six character passwords, so I am a trifle unhappy with this imposition at such short notice.

­ said...

@foreverwar - You should be more concerned with that restriction existing than with Google updating the minimum length. As mentioned above, you're not being forced to change the users passwords or conform to the new standards - so you have plenty of time to work out a solution.

Anonymous said...

There is no simplification in adding a password from 6 digit to more than 8 marking. Even the 6 is already confusing.

Claudio Cherubino said...

I must stress that this is not going to affect existing users who can keep their existing passwords and all domains that send hashed passwords to Google.

This includes all customers that adopt sync solutions based on the Provisioning API and a SHA-1 filter (such as http://code.google.com/p/sha1hexfltr/) to update passwords.

The most common SSO-based solutions only send hashed passwords to Google so they won't be affected as well.

Anonymous said...

Great....I see this after the fact....after hundreds of password rejections through the API....thanks google for the email notification.....

Anonymous said...

We just implemented a default 7 char password convention. This development blows it out of the water. It may not be a big deal with existing accounts, but for new accounts we now have to change all of our processes and documentation...thats where the hassle is. I did not hear about this until today! More notice please!@!

Anonymous said...

I become more unhappy with how google goes about implimenting change by the day. They're shitty

rugdog said...

The same as other comments, I just noticed this after many days of no new account provisioning. We have a process where the password is automatically generated based on 6 digits and it was very tricky to find the reason of failure.

TheRightWay said...

This is terrible. Why do they force these rules upon their customers. I DO NOT want 8 character passwords, my users have a hard enough time remembering 6 characters. The fact I can not disable this password requirements makes me seriously consider if Google was the right solution for my business.