Skip to main content

    SecureTools: Password Requirements for Major Platforms

    See minimum and maximum password requirements for major platforms side by side.

    Understanding Platform Password Policies

    Every online service implements its own password policy, balancing security requirements against user convenience. Understanding these requirements helps you create passwords that are both secure and compatible with each platform you use. This comprehensive reference covers password policies for the most popular services as of 2026.

    While longer passwords are generally more secure, some platforms impose maximum length restrictions due to legacy systems or hashing algorithm limitations. For example, bcrypt—a common password hashing algorithm—only processes the first 72 bytes of input, which is why services like GitHub cap passwords at 72 characters.

    Password requirements for major platforms
    PlatformMin LengthMax LengthRequirements
    Google8100+Letters, numbers, symbols allowed
    Apple ID832Upper, lower, number required
    Microsoft82563 of 4: upper, lower, number, symbol
    Amazon6128No specific requirements
    Facebook6100+Mix of letters, numbers, symbols recommended
    Twitter/X8128No specific requirements
    LinkedIn8400No specific requirements
    Netflix460Minimal requirements
    PayPal820Number and symbol required
    Dropbox81024No specific requirements
    GitHub872 (bcrypt limit)15+ chars OR 8+ with number and lowercase
    Slack672No specific requirements
    UK Banks (typical)8-1215-20Varies; often restricted character sets
    US Banks (typical)8-1216-32Varies; some block special characters

    How to Use This Reference

    When creating a new account, first check this table to understand the platform's constraints. Then use our password generator configured to meet those requirements. For platforms with generous maximum lengths (like Dropbox's 1024 characters), consider using a passphrase for better memorability without sacrificing security.

    Best Practices for Meeting Requirements

    • Always exceed minimum length by at least 4-6 characters when possible
    • Use a password manager to generate and store unique passwords for each service
    • Enable two-factor authentication regardless of password strength
    • For banking sites with restrictive rules, maximize length within their constraints
    • Test generated passwords in a separate window before saving to your password manager

    When Requirements Seem Restrictive

    Some platforms, particularly older banking systems, impose surprisingly restrictive password policies. If you encounter a maximum length of 16 characters or restrictions on special characters, don't panic—compensate by using the maximum allowed length and enabling all available two-factor authentication options. A 16-character random password is still extremely secure against brute-force attacks.

    Common Password Policy Pitfalls to Avoid

    Many users fall into patterns that compromise security despite following platform requirements. For example, using predictable sequences (like 'password123' or birthdates) or reusing passwords across accounts. Even if a platform allows weak passwords, reusing them creates a single point of failure. Another common mistake is ignoring 'never reuse passwords' guidelines when managing multiple accounts. Services like GitHub and Microsoft require specific character combinations precisely to counter these vulnerabilities. Always treat each platform's password policy as a baseline rather than a ceiling.

    How to Use Password Generators Effectively

    While our password generator tool can create compliant passwords, users often overlook key customization options. For platforms requiring 3 of 4 character types (e.g., Microsoft), ensure your generated password includes uppercase letters, lowercase letters, numbers, and symbols. Avoid common patterns like 'P@$$w0rd' that attackers frequently test. For services with strict length limits (like Apple ID's 32-character max), use the generator's 'length' filter to stay within bounds. Remember to save generated passwords in a secure password manager rather than writing them down.

    Note: Requirements change frequently. Some platforms impose additional restrictions not listed here (e.g., no spaces, no repeating characters). When in doubt, use our password generator and test the result on the platform.

    type html> SecureTools — Privacy-First Security Utilities