Maximum password length

View Tag Cloud
  • johnbristol's Avatar
    Fresh Eyes
    The password error message says "ensure that your password is at least 7 characters"

    Nothing about maximum length. I had a half dozen proposed passwords rejected and finally banged in 9 characters. What is the system's maximum length and why is it so small? How is Tesco Online Banking inconvenienced by allowing a reasonably large maximum length?

    The error message also says "includes letters and numbers". The one I ended up with has at least one character that's neither alphabetic nor numeric. Could someone please add an authoritative password description to this thread, to demonstrate what is in fact being tested? The error message really ought to be more helpful and accurate.
    Last edited by johnbristol; 24-03-23 at 10:47. Reason: spelling
  • 2 Replies

  • Verified Answer

    KellyT's Avatar
    Your Community Expert
    Verified Answer
    Hi @johnbristol, I've added a list of the password requirements below.

    Your password:



    • Must be at least 7 characters
    • Must be alphanumeric with at least 1 number and 1 alphabetic character
    • Cannot be the same as your username or your username backwards
    • Cannot contain the words "password", "letmein" or "tesco"
    • Cannot contain profanities
    • Is case sensitive
    • No character can be repeated more than 3 times
    • Must not exceed 64 characters in length

    Sign up for our Beta here

    If you need to ask a question about a Tesco Bank product, you can make a post in Help & Support here

    Also, feel free to Introduce Yourself and have fun in Off-topic too!


  • johnbristol's Avatar
    Fresh Eyes
    That's very helpful Kelly, and I'm sure it's what's meant to happen.

    I've just tried, to see where my problem lies.

    The first two get the following rejection from being set at all: "Your password doesn't meet our requirements. Please try again, and ensure that your password is at least 7 characters, AND includes letters and numbers. Your password cannot be the same as your username."

    This one, presumably because it has a + in it: Lwt9C13dxXbLSaTqF+3N4g
    Then this one rejected before acceptance, presumably because it's too long: Lwt9C13dxXbLSaTqF3N4g
    This one was accepted for change but then rejected when I tried to log in with it: Lwt9C13SaTqF3N4g
    Cutting it down to 13 characters allowed this one to change and to log into the system:
    Lwt9C13SaTqF3

    The actual "change my password" box was prefixed by " More than 6 characters
    You can use letters and numbers
    You can use the @ and . symbols"

    Which just sounds like it was left there when your rules were implemented.

    I do think someone should look, and then try it on a live account, and then update this thread with the testable truth, and that the message by the "change my password" option on the site should be made very very precisely accurate please.
    Last edited by johnbristol; 14-04-23 at 17:58. Reason: vary that password before someone tries it...