---
title: >-
  Vulnerable password validation on the Storefront API's Customer object -
  Shopify developer changelog
description: >-
  Shopify’s developer changelog documents all changes to Shopify’s platform.
  Find the latest news and learn about new platform opportunities.
source_url:
  html: >-
    https://shopify.dev/changelog/vulnerable-password-validation-on-the-storefront-api-s-customer-object
  md: >-
    https://shopify.dev/changelog/vulnerable-password-validation-on-the-storefront-api-s-customer-object.md
metadata:
  effectiveApiVersion: ''
  affectedApi: []
  primaryTag:
    displayName: API
    handle: api
  secondaryTag:
    displayName: Update
    handle: update
  indicatesActionRequired: false
  createdAt: '2021-11-15T13:20:32-05:00'
  postedAt: '2021-11-16T00:00:00-05:00'
  updatedAt: '2024-02-02T10:05:03-05:00'
  effectiveAt: '2021-11-16T00:00:00-05:00'
---

November 16, 2021

Tags:

* API

# Vulnerable password validation on the Storefront API's Customer object

Validation to identify vulnerable passwords has been added to the Storefront API's [customerReset](https://shopify.dev/api/storefront/reference/customers/customerreset) and [customerResetByUrl](https://shopify.dev/api/storefront/reference/customers/customerresetbyurl) mutations.

Now, when you try resetting a password to one that’s considered vulnerable, the API will return an error.