---
title: "passwordcheck — verify password strength"
id: passwordcheck
pg_version: "20devel"
---
## F.24. passwordcheck — verify password strength
The `passwordcheck` module checks users' passwords whenever they are set with [CREATE ROLE](sql-createrole.md) or [ALTER ROLE](sql-alterrole.md). If a password is considered too weak, it will be rejected and the command will terminate with an error.
To enable this module, add `'$libdir/passwordcheck'` to [`shared_preload_libraries` (`string`)](runtime-config-client.md#guc-shared-preload-libraries) in `postgresql.conf`, then restart the server.
You can adapt this module to your needs by changing the source code. For example, you can use [CrackLib](https://github.com/cracklib/cracklib) to check passwords — this only requires uncommenting two lines in the `Makefile` and rebuilding the module. (We cannot include CrackLib by default for license reasons.) Without CrackLib, the module enforces a few simple rules for password strength, which you can modify or extend as you see fit.
> [!CAUTION]
> To prevent unencrypted passwords from being sent across the network, written to the server log or otherwise stolen by a database administrator, PostgreSQL allows the user to supply pre-encrypted passwords. Many client programs make use of this functionality and encrypt the password before sending it to the server.
> This limits the usefulness of the `passwordcheck` module, because in that case it can only try to guess the password. For this reason, `passwordcheck` is not recommended if your security requirements are high. It is more secure to use an external authentication method such as GSSAPI (see [Chapter 20](client-authentication.md)) than to rely on passwords within the database.
> Alternatively, you could modify `passwordcheck` to reject pre-encrypted passwords, but forcing users to set their passwords in clear text carries its own security risks.
### F.24.1. Configuration Parameters
** `passwordcheck.min_password_length` (`integer`) **
The minimum acceptable password length in bytes. The default is 8. Only superusers can change this setting.
> [!NOTE]
> This parameter has no effect if a user supplies a pre-encrypted password.
In ordinary usage, this parameter is set in `postgresql.conf`, but superusers can alter it on-the-fly within their own sessions. Typical usage might be:
# postgresql.conf
passwordcheck.min_password_length = 12