Adding user pool password requirements

To create strong passwords for your app users, specify a minimum password length of at least eight characters. Also require uppercase, numeric, and special characters. Complex passwords are harder to guess. We recommend them as a security best practice.

You can use the following characters in passwords:

Uppercase and lowercase Basic latin letters
Numbers
Special characters listed in the next section.

Creating a password policy

You can specify the following requirements in the Password policy in the AWS Management Console under the Sign-in experience tab.

A Password minimum length of at least six characters and at most 99 characters. This is the shortest password you want your users to be able to set. Amazon Cognito passwords can be up to 256 characters in length.
Your users must create a password that Contains at least 1 of the following types of characters.
- Number
- Special character from the following set. The space character is also treated as a special character.
  
  ^ $ * . [ ] { } ( ) ? " ! @ # % & / \ , > < ' : ; | _ ~ ` = + -
- Uppercase Basic Latin letter
- Lowercase Basic Latin letter

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Attributes

Allowing user sign-up