ClickUp still imposes outdated password constraints — like maximum length limits, forced complexity rules, and restrictions on using spaces. These go against modern best practices from NIST, ANSSI, and others, which recommend:

Supporting long, user-friendly passphrases (e.g. 4+ random words)

Dropping arbitrary complexity (e.g. @, uppercase) rules

Allowing spaces and longer passwords (>64 chars)

Enabling passwordless auth (FIDO2/passkeys)

Blocking passwords found in breach databases

These outdated rules weaken security by encouraging bad habits (e.g. reuse, simple patterns) and make ClickUp less usable for security-conscious users and orgs.

Please consider modernizing this. Bitwarden, GitHub, and Google already follow these principles.