On Password change dialouge: min password lenght is >= 8 chars but will only accept >= 15 chars.

On the site https://github.com/settings/security I can chose a password which is either more than 15 characters long or longer than 8 characters, but in this case it must contain at least one number and one lower case letter.

When I chose an password with one number and one lower case letter and 8 characters long, I get the message saying “Password is invalid.”. When I add more characters, I don’t get the message.

Expected behaviour would be that I could chose a password like “Abcdefg1”, but this is not possible.

Can someone confirm this behaviour and give a possible solution?

Thank you in advance!


Bump, I can confirm this is also happening to me. Haven’t found a solution though. Anyone know a fix?

1 Like

Thanks for being here @sebitnt and @rantaoca

While the new password you have entered may meet the listed requirements, the system also runs a check of that password (or more specifically, a hash of that password) against our internal database of credentials known to be compromised by breaches of other websites or services.

While longer and more complex passwords can be harder to remember, they are a vital step in keeping your account secure. As a rule of thumb, each account you have should have its own unique password.

If you try resetting your password again — this time using a long, complex password — that should do the trick. However, if this continues to cause issues for you, and If you haven’t already, please contact us at https://github.com/contact with the info so we can look into that further.

Hi Andrea,

Thanks for the advice. This issue seems to have resolved itself for me, I just went in to change my password again using the same password that wasn’t accepted in the past, and it is accepted now.

E.g. typing in “a1234567” didn’t work in the past, but it is a valid password now.