SUPPORT.TWILIO.COM END OF LIFE NOTICE: This site, support.twilio.com, is scheduled to go End of Life on February 27, 2024. All Twilio Support content has been migrated to help.twilio.com, where you can continue to find helpful Support articles, API docs, and Twilio blog content, and escalate your issues to our Support team. We encourage you to update your bookmarks and begin using the new site today for all your Twilio Support needs.

Minimum Password Requirements for Twilio

We have updated the minimum password requirements for Twilio accounts as of September 2021. This guide explains the new requirements, and everything you need to know about this change.

New Password Requirements

All Twilio account passwords have the following requirements:

  • Passwords must contain at least 16 characters.
  • Passwords can’t contain repeating characters of 2 or more consecutive characters (e.g., “AAbcdef”).
  • Password must contain at least 3 of the following:
    • Lower case letters (a-z).
    • Upper case letters (A-Z).
    • Numbers (0-9)
    • Special characters (e.g. !@#$%^&*)
  • Password cannot be the same as your last password

We recommend using a password manager to generate and manage your Twilio passwords. If a password manager is not available, consider using a long paraphrase that has a meaning to you. It should include special characters and be difficult to crack.

Adhering to the new password requirements

Every time you log into Twilio.com, we check the password you entered successfully against our minimum password policy requirements.

If your password doesn't meet our minimum, we automatically trigger a password reset request by sending a link to the email address linked to your Twilio user. The link in the reset email will guide you to creating a more secure password and you’ll be ready to access Twilio again.

The minimum password standard check is separate from the comparison operation we do to authenticate your account, which involves “hashing” the password (a secure one-way encryption algorithm) and comparing it to our securely stored value. Twilio does not store your password in plaintext or in a reversible format.

Password detected as part of data breach

Every time you log into Twilio.com, we check the password you entered successfully against breached password databases.

If your password is found in these databases - then an error message will appear notifying you of it.

If you are signing up - enter a new password.

If you are an existing customer - use our Reset Password flow.

I haven’t logged in recently but I received one or more password reset emails

Someone may have discovered your password through credential stuffing (which involves attempting logins with passwords shared with other compromised sites) or guessed your password using other techniques. Your Twilio account has not been compromised, but your password may have been. You are blocked from console access until you upgrade your password to the new requirements. You should log in to Twilio with your old password and get a fresh password reset link, upgrade your password strength, and you’ll be all set!

I didn’t receive a password reset email

Please check your spam folder first. If you can’t locate your email, you can get in touch with our support team to receive a reset link.

If you no longer have access to the email you registered under, we’ll verify by other means. You can contact customer support for more details.

What else can I do to secure my account?

For additional security we also recommend you implement our two-factor solution using SMS or Authy. Please see the following support article on how to do that: Enabling two factor authentication on your Twilio account, and our guide regarding anti-fraud prevention: Anti-Fraud Developer’s Guide

Have more questions? Submit a request
Powered by Zendesk