Description of the need

I would like a simple way to enforce more secure passwords in Backdrop core. Since a longer password is a stronger password, I would like a minimum length setting for passwords.

Proposed solution

  • An admin sets a minimum length for passwords Screen Shot 2020-09-01 at 8 20 11 PM

  • When a password is created that does not meet that minimum, a validation error is thrown asking for a longer one. Screen Shot 2020-09-01 at 8 21 46 PM

Alternatives that have been considered

This a follow up to https://github.com/backdrop/backdrop-issues/issues/4265, where at some point a minimum password length setting was added as a factor in password strength. Both @stpaultim and I recognized it as its own setting, and were surprised when setting a minimum password length still allowed passwords to be created that did not meet the minimum.

Through discussion we realized that the setting we saw -- and that I loved! -- was not intended to be used as a control on allowed password length.

I'm creating this new issue because I still want a password minimum length feature for Backdrop core.

GitHub Issue #: 
4589