XF 1.5 What are the XF minimum password requirements?

Alpha1

Well-known member
If a user enters a short password then they get no information except:
  1. Please enter a valid password.
It would be useful to inform the user what they are doing wrong.
 
If a user enters a short password then they get no information except:
  1. Please enter a valid password.
It would be useful to inform the user what they are doing wrong.
Actually, we only give that error if they enter no password.

There is actually no minimum password requirement apart from, well, actually entering one. It can be any password of any length with any characters with a minimum of 1 character.

(The exception, perhaps, is passwords that consist only of spaces, or other whitespace characters, we deliberately strip these from the beginning and end of the password).

Aside from the issue of forcing a certain complexity, which that add-on will allow, I'd have thought it would be patently obvious to someone that "Please enter a valid password" when you've not actually entered one, would be fairly obvious.

Unless you have another add-on that forces a minimum length, in which case I'd agree that having more information in that scenario would be more useful.

On the subject of XF forcing a certain password complexity, I'm unsure we'd actually do that. Password complexity requirements can be incredibly frustrating for users. If anything, we'd probably implement a password strength meter in the future, something like the dropbox/zxcvbn library, that would educate users on a decent password rather than making it a barrier.
 
The exception, perhaps, is passwords that consist only of spaces, or other whitespace characters, we deliberately strip these from the beginning and end of the password).
Could you expand on this? What do you mean with whitespace characters? Does this include dashes?
 
Top Bottom