From 301fc68203b066d435767fb342046f3c4a5b11b1 Mon Sep 17 00:00:00 2001
From: Christopher Kolstad <chriswk@getunleash.ai>
Date: Thu, 5 Aug 2021 14:00:30 +0200
Subject: [PATCH] chore: document password requirements

---
 websitev2/docs/api/admin/user-admin.md    | 16 ++++++++++++++--
 websitev2/docs/deploy/securing-unleash.md | 15 ++++++++++++---
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/websitev2/docs/api/admin/user-admin.md b/websitev2/docs/api/admin/user-admin.md
index 6c495974b8..25e7b609ce 100644
--- a/websitev2/docs/api/admin/user-admin.md
+++ b/websitev2/docs/api/admin/user-admin.md
@@ -195,11 +195,23 @@ Possible return values:
 Return values:
 
 - `200 OK`: Password was changed.
-- `400 Bad Request`: Password was not changed. Unleash requires a strong password. Please see in the response body on how to improve the password.
+- `400 Bad Request`: Password was not changed. Unleash requires a strong password.
+  - This means
+    - minimum 10 characters long
+    - contains at least one uppercase letter
+    - contains at least one number
+    - contains at least one special character (symbol)
+- Please see in the response body on how to improve the password.
 
 ### Validate password for a user {#validate-password-for-a-user}
 
-You can use this endpoint to validate the strength of a given password.
+You can use this endpoint to validate the strength of a given password. Unleash requires a strong password.
+
+- This means
+  - minimum 10 characters long
+  - contains at least one uppercase letter
+  - contains at least one number
+  - contains at least one special character (symbol)
 
 `http POST http://localhost:4242/api/admin/user-admin/validate-password`
 
diff --git a/websitev2/docs/deploy/securing-unleash.md b/websitev2/docs/deploy/securing-unleash.md
index b7ca833c56..20c813903b 100644
--- a/websitev2/docs/deploy/securing-unleash.md
+++ b/websitev2/docs/deploy/securing-unleash.md
@@ -7,11 +7,20 @@ title: Securing Unleash
 
 > This guide is only relevant if you are using Unleash Open-Source. The Enterprise edition does already ship with multiple SSO options, such as SAML 2.0, OpenId Connect.
 
-Unleash Open-Source v4 comes with username/password authentication out of the box. In addition Unleash v4 also comes with API token support, to make it easy to handle access tokens for Client SDKs and programmatic asses to the Unleash APIs.
+Unleash Open-Source v4 comes with username/password authentication out of the box. In addition Unleash v4 also comes with API token support, to make it easy to handle access tokens for Client SDKs and programmatic access to the Unleash APIs.
+
+### Password requirements {#password-requirements}
+
+Unleash requires a strong password.
+
+- minimum 10 characters long
+- contains at least one uppercase letter
+- contains at least one number
+- contains at least one special character (symbol)
 
 ### Implementing Custom Authentication {#implementing-custom-authentication}
 
-If you do not wish to use the built-in
+If you do not wish to use the built-in username/password authentication you can add a customAuthHandler
 
 To secure the Admin API, you have to tell Unleash that you are using a custom admin authentication and implement your authentication logic as a preHook.
 
@@ -27,7 +36,7 @@ unleash
       customAuthHandler: myCustomAdminAuth,
     },
   })
-  .then(unleash => {
+  .then((unleash) => {
     console.log(
       `Unleash started on http://localhost:${unleash.app.get('port')}`,
     );