Password requirements

Keep in mind that the passwords we choose contribute to the security of our Sourcegraph-managed systems and data. In addition to being users, many of us are also administrators so it is especially important to be thoughtful when selecting a password.

Below is guidance for setting passwords to Sourcegraph-managed accounts, these are strongly recommended and will be enforced at the organizational level when available.


  • Make passwords complicated enough to need the use of a password manager (we use 1Password)
  • Make passwords randomly generated through the use of a password manager (we use 1Password)
  • Create a new password for every system - the primary goal is password diversity
  • Make passwords hard to guess, even by those who know a lot about you
  • Use a mix of numbers, letters (upper and lower case), and special characters
  • Create a password that is ideally 15 characters or longer
  • When creating your own, we recommend using a passphrase or sentence so it’s easier to remember and meet the above requirements! Example: HungryAnteaterAte1400Ants!

Do not:

  • Use the browser based auto-fill, the 1Password browser extension should be used
  • Use a password that is the same or similar to one you use on any other websites
  • Use a single word, for example, password, or a commonly-used phrase like Iloveyou or a string of numbers/letters, such as abc123
  • Use identifiable information about yourself, such as the names and birthdays of your friends and family, your favorite bands, or phrases you tend to use
  • Mix personal and work-related passwords