Using password policy with Subversion authentication

Applies to: VisualSVN Server 5.0 and later

When using Subversion authentication in VisualSVN Server, it is recommended to use a strong password policy. This article describes available options for enforcing the password policy requirements.

Managing password policy

The password policy can be turned on and off by a server administrator. The password policy requirements are enforced when users change their passwords in the server’s web interface. If a new password does not meet the password policy requirements, the error message "The new password does not meet the length or complexity requirements" is displayed.

The password policy requirements are also enforced upon passwords that are set using VisualSVN Server Manager or PowerShell. However, in this case, the administrator is given an option to proceed with setting a password even if it does not meet the requirements.

Enabling the password policy does not affect existing passwords. Only new passwords will need to meet the policy requirements.

Minimum password length

The Minimum password length option specifies the minimum number of characters that must be in a password. It can be set to any number greater than zero. The default minimum password length is 8.

Require complex passwords

When the Require complex passwords checkbox is selected, passwords must contain characters from at least three of the following categories:

  • Uppercase letters (A through Z).
  • Lowercase letters (a through z).
  • Digits (0 through 9).
  • Special characters (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/).
Passwords in VisualSVN Server can only contain ASCII characters. This prevents errors that can occur during basic HTTP authentication, where the encoding of non-ASCII characters varies between different clients.
Last Modified: