Minimum password requirements?

Using the default authentication provided by Grafana, are there any restrictions on valid passwords? I was wondering if users can provide blank passwords, even - if we just want to let Viewer users have separate accounts for their preferences but not care about who logs in as who?

hi @jdxjohn!

This was an interesting question! to enforce requirements, we recommend using an external authentication provider, there isn’t a password policy enforced by grafana per this issue:

Out of curiosity, I tried changing a password to a blank string (a single space character) and saw an error that it was too short. It appears that at least 4 characters are required - it accepted four spacebar characters. But the password cannot be left empty.

1 Like

I saw that question but we’re not in a position to implement that right now so I wondered if there was a simple option to disable passwords for named users.

Thanks for testing - this seems a good enough workaround or we could simply tell everyone to use the same well-known “non password” like “letmein” or “password”.