XF 1.5 What are the XF minimum password requirements?

Alfa1

Well-known member
If a user enters a short password then they get no information except:
  1. Please enter a valid password.
It would be useful to inform the user what they are doing wrong.
 

Alfa1

Well-known member
Installing addon number 82... :D
It keeps amazing me how many addons xenforo requires for basic functions.
 

Chris D

XenForo developer
Staff member
If a user enters a short password then they get no information except:
  1. Please enter a valid password.
It would be useful to inform the user what they are doing wrong.
Actually, we only give that error if they enter no password.

There is actually no minimum password requirement apart from, well, actually entering one. It can be any password of any length with any characters with a minimum of 1 character.

(The exception, perhaps, is passwords that consist only of spaces, or other whitespace characters, we deliberately strip these from the beginning and end of the password).

Aside from the issue of forcing a certain complexity, which that add-on will allow, I'd have thought it would be patently obvious to someone that "Please enter a valid password" when you've not actually entered one, would be fairly obvious.

Unless you have another add-on that forces a minimum length, in which case I'd agree that having more information in that scenario would be more useful.

On the subject of XF forcing a certain password complexity, I'm unsure we'd actually do that. Password complexity requirements can be incredibly frustrating for users. If anything, we'd probably implement a password strength meter in the future, something like the dropbox/zxcvbn library, that would educate users on a decent password rather than making it a barrier.
 

Alfa1

Well-known member
The exception, perhaps, is passwords that consist only of spaces, or other whitespace characters, we deliberately strip these from the beginning and end of the password).
Could you expand on this? What do you mean with whitespace characters? Does this include dashes?
 

Xon

Well-known member
If anything, we'd probably implement a password strength meter in the future, something like the dropbox/zxcvbn library, that would educate users on a decent password rather than making it a barrier.
The add-on I linked to wraps a php-port of that the dropbox library in a XF add-on and a few minor config options.
 

Chris D

XenForo developer
Staff member
Could you expand on this? What do you mean with whitespace characters? Does this include dashes?
No. A whitespace character is anything that represents a space or similar character, such as an actual space, tab, new line etc.
 
Top