Password security is vitally important to ensure that your account is safe and secure from hackers. To help protect your account, certain passwords will not be accepted on Envato Market.
The password you enter will be evaluated based on its strength and suitability for account security.
If your chosen password does not pass validation, it will not be accepted. You will be prompted to create a stronger password.
Common reasons a password is not accepted:
- A weak combination or variation of common dictionary words or common passwords (e.g. abc123, p@ssw0rd, password123).
- A variation on an Envato term, your username or your account details (e.g. themeforest123).
- Too short or otherwise insecure.
- The password has been reported in a data breach external to Envato.
If you received this message when setting your password: ‘the password you have chosen is found in public lists of insecure passwords. Please choose a different password.' this means that your password has been found in a list of publicly known breached passwords. Once a password has been breached it’s no longer secure and shouldn’t be used because it’s more likely to be used in attacks to take over user accounts.
The ‘haveibeenpwned’ service keeps a record of known passwords that are exposed to data breaches. Without sharing passwords, we can use this service to check if a password has been breached and ask you to choose another. You can check it out yourself here.
Please note, we will never share your password with a third party. We're able to check your password safely by hashing your password and then only sending a small fragment of the hash to the 'haveibeenpwned' service, which then returns a list of possible matches. You can read more about the anonymity guarantee here.
For maximum account security, it’s recommended you:
- Have a complex password made up of uppercase letters, lowercase letters and numbers (you can use a password generator if you wish).
- Have a unique password for your Envato account.
- Change your password regularly.
- Keep your password private and never give it out