I'm using Firebase's createUserWithEmailAndPassword() method to register users, and I'd like to enforce password and email rules on the client side. While I've observed that passwords with fewer than 6 characters result in an error:
Password should be at least 6 characters
I haven't found comprehensive rules for password and email validation in the official documentation.
Can anyone provide or point me to the exact validation rules for both password and email when using this Firebase method?
Edit: 21.03.2025
Nowadays, there is no need to write client-side code in order to check the correctness of a password. In Android, if you try to authenticate using an incorrect password, a FirebaseException is thrown, which contains an error message that looks similar to this:
An internal error has occurred. [ PASSWORD_DOES_NOT_MEET_REQUIREMENTS:Missing password requirements: [Password must contain at least 6 characters, Password must contain an upper case character] ]
So the exception contains messages that are related to the password requirements, lowercase characters, uppercase characters, or non-alphanumeric characters, etc.
---
As @FrankvanPuffelen mentioned in his comment, the minimum that is required to sign a user in is to have a valid email address and a password with a minimum length of 6 characters. If you don't do that, an exception will be thrown. However, if you need more than that, then you have to write code on the client. For example, if you want to restrict the authentication if the user provides an email address that is not correct, then you can validate it using one of the solutions that exist below:
If you want the same for the password, then you can write your own regular expressions to validate the password.