• $config['passwordIterations'] - default: 10 The strength of the bcrypt-based password storage system. Higher numbers are more secure but each increase will roughly double the amount of time it takes to generate or validate a password, leading to higher server usage.
Can someone explain a little more about this setting? If 10 is good, is 12 better? If so, is 15 too much?
Also, what is the Maximum Password Length in XenForo? I can't seem to turn up any info on that, other than this (older) thread: How do I increase the password input size in signup form?