Description of the need
I would like a simple way to enforce more secure passwords in Backdrop core. Since a longer password is a stronger password, I would like a minimum length setting for passwords.
Proposed solution
An admin sets a minimum length for passwords
When a password is created that does not meet that minimum, a validation error is thrown asking for a longer one.
Alternatives that have been considered
This a follow up to https://github.com/backdrop/backdrop-issues/issues/4265, where at some point a minimum password length setting was added as a factor in password strength. Both @stpaultim and I recognized it as its own setting, and were surprised when setting a minimum password length still allowed passwords to be created that did not meet the minimum.
Through discussion we realized that the setting we saw -- and that I loved! -- was not intended to be used as a control on allowed password length.
I'm creating this new issue because I still want a password minimum length feature for Backdrop core.
Recent comments
I'll be very happy to test this and will report back.
Database update warning - but no pending updates
For anyone interested in an improvement to the Status report that should help with this, please see this issue and the associated pull request: https://github.com/backdrop/backdrop-issues/...
Database update warning - but no pending updates
@paucku I note from this issue here: https://github.com/backdrop-contrib/domain/issues/71 That you started getting this config formatting after changing the module to what Chat...
I need to understand how active and staging folders work โ configuration management