ClickUp still imposes outdated password constraints — like maximum length limits, forced complexity rules, and restrictions on using spaces. These go against modern best practices from NIST, ANSSI, and others, which recommend: Supporting long, user-friendly passphrases (e.g. 4+ random words) Dropping arbitrary complexity (e.g. @, uppercase) rules Allowing spaces and longer passwords (>64 chars) Enabling passwordless auth (FIDO2/passkeys) Blocking passwords found in breach databases These outdated rules weaken security by encouraging bad habits (e.g. reuse, simple patterns) and make ClickUp less usable for security-conscious users and orgs. Please consider modernizing this. Bitwarden, GitHub, and Google already follow these principles.