Back to blog

Announcing A New Password Experience

Category
Company
Published

The team has been focused on making a first in class experience for your end users when it comes to passwords. Let's talk about the new features we introduced.

It's time for an exciting announcement from our end, one that's been brewing for a while. While it may seem like a small step, we believe it's a giant leap towards an unparalleled user experience, especially when it comes to password security.

Our team has been hard at work, making your end users' experience first-in-class. We're thrilled to introduce a suite of new features that will take password management to the next level. Let's dive into the details!

Password Reset Flow

Who hasn't forgotten a password at least once? Now, with our traditional password reset flow, users can reset their password with a single click. The best part? It ships with our sign in component and syncs perfectly with our Multi-Factor Authentication (MFA) products, ensuring all necessary verification steps are complete before users are automatically signed back into your application.

Strong Passwords Verification

In addition to our HaveIBeenPwned integration, we now enable you to set a minimum strength requirement for all new passwords in your application. This added security layer is powered by the password strength estimator zxcvbn-ts.

With its ability to detect commonly used passwords and patterns such as dates, names, and common phrases, zxcvbn-ts ensures that your end users are protected from using weak passwords in your application. Now, stronger password security is not just an option, but a standard.

Additional Complexity Requirements

For our Business plan users and beyond, we're introducing the ability to enforce specific password requirements like special characters, numbers, and a mix of uppercase and lowercase letters. This will help your users to not just meet, but exceed your standards.

Password Completion Guidance

To take password requirements one step further, once you set password policies in your Clerk dashboard, you can even opt for users to be alerted to your length or complexity requirements via guidance cues. When users are setting their password, friendly messaging will appear below the input box that indicates the password policies you selected to help them create passwords that are robust and compliant.

We're excited about these new additions and can't wait for you to experience them. Here's to a better user experience for all! Want to learn more about "how we roll" passwords? Check out our post that goes in depth about passwords at Clerk.

Let us know your thoughts on Twitter @ClerkDev or in the Clerk Community on Discord.

Author
James Perkins