---
title: Vulnerable password validation on the Storefront API's Customer object - Shopify developer changelog
description: Shopify’s developer changelog documents all changes to Shopify’s platform. Find the latest news and learn about new platform opportunities.
source_url:
  html: https://shopify.dev/changelog/vulnerable-password-validation-on-the-storefront-api-s-customer-object
  md: https://shopify.dev/changelog/vulnerable-password-validation-on-the-storefront-api-s-customer-object.md
---

[Back to Developer changelog](https://shopify.dev/changelog)

November 16, 2021

Tags:

* API

# Vulnerable password validation on the Storefront API's Customer object

Validation to identify vulnerable passwords has been added to the Storefront API's [customerReset](https://shopify.dev/api/storefront/reference/customers/customerreset) and [customerResetByUrl](https://shopify.dev/api/storefront/reference/customers/customerresetbyurl) mutations.

Now, when you try resetting a password to one that’s considered vulnerable, the API will return an error.