Password security is essential to protect your account from unauthorized access. To help keep your account safe, certain passwords will not be accepted on Envato Market.
-
Why is my password not accepted?
The password you enter is evaluated for its strength and suitability for account security. If it doesn't pass validation, you'll be prompted to create a stronger password.
Common reasons a password is not accepted include:
- It's a weak combination of common words or passwords (e.g., abc123, p@ssw0rd, password123).
- It's a variation of an Envato term, your username, or your account details (e.g., themeforest123).
- It's too short or otherwise insecure.
- The password has been reported in a data breach external to Envato.
-
I was told my password was found in a public list of insecure passwords. What does that mean?
If you see the message, "the password you have chosen is found in public lists of insecure passwords," it means your password has been exposed in a publicly known data breach. Once a password has been breached, it's no longer secure and is more likely to be used in attacks.
We can check your password against a list of breached passwords without sharing it with a third party. We do this by hashing your password and only sending a small fragment of the hash to the haveibeenpwned service, which returns a list of possible matches. You can read more about the anonymity guarantee here.
-
How can I create a strong and secure password?
For maximum account security, we recommend that you:
- Use a complex password with a mix of uppercase letters, lowercase letters, and numbers. Consider using a password generator.
- Use a unique password for your Envato account.
- Change your password regularly.
- Keep your password private and never share it.