Issue: Password Length Validation Too Short
Description
The current password validation on both login and signup forms allows passwords of length 1 or 2. This compromises the security of the application, as short passwords are highly vulnerable to brute-force attacks.
Expected Behavior
Password length should have a minimum requirement (typically 8 characters) for both the login and signup forms.
The system should reject passwords that do not meet the required length and display an appropriate error message to the user.
Actual Behavior
The system accepts passwords of length 1 or 2 without any validation.
No error message is shown, and the user is able to proceed with the login or signup using a weak password.
Screenshot:
Steps to Reproduce
Go to the signup or login page.
Enter a password with only 1 or 2 characters.
Submit the form.
Notice that the form accepts the password without any validation error.
Possible Fix
Implement a password validation rule that enforces a minimum password length of 8 characters. Additionally, the system should notify users if their password is too short during the signup or login process.
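As an added example, not code from the Blogverse repository (whose stack the issue does not name), here is one way to implement the fix described above in JavaScript: a single validatePassword rule that the browser form handler uses to block submission and show the error message, and that the server-side signup handler applies again, because a check that runs only in the browser can be skipped by sending the request directly. The function names, the 128-character upper bound, and the form markup it assumes (an input named "password" and an element with class "password-error") are assumptions made for this example.

```javascript
// Added example (not Blogverse's own code): minimum password length rule
// shared by the signup/login forms and by the server-side handler.
const MIN_PASSWORD_LENGTH = 8;   // from the issue's expected behaviour
const MAX_PASSWORD_LENGTH = 128; // assumed upper bound so very long input is still bounded

// Returns { ok: true, error: null } or { ok: false, error: "<message for the user>" }.
function validatePassword(password) {
  if (typeof password !== "string" || password.length === 0) {
    return { ok: false, error: "Password is required." };
  }
  // Count Unicode code points rather than UTF-16 code units, so a single
  // emoji counts as one character instead of two.
  const length = Array.from(password).length;
  if (length < MIN_PASSWORD_LENGTH) {
    return { ok: false, error: `Password must be at least ${MIN_PASSWORD_LENGTH} characters.` };
  }
  if (length > MAX_PASSWORD_LENGTH) {
    return { ok: false, error: `Password must be at most ${MAX_PASSWORD_LENGTH} characters.` };
  }
  return { ok: true, error: null };
}

// Browser side: block the form submit and show the message next to the field.
// Assumes the form has <input name="password"> and an element with class
// "password-error" where the message is rendered.
function attachPasswordValidation(form) {
  form.addEventListener("submit", (event) => {
    const input = form.elements.namedItem("password");
    const result = validatePassword(input ? input.value : "");
    const errorEl = form.querySelector(".password-error");
    if (errorEl) errorEl.textContent = result.ok ? "" : result.error;
    if (!result.ok) {
      event.preventDefault(); // keep the too-short password from being submitted
      if (input) input.focus();
    }
  });
}

// Server side: the same rule must run again on the request body, since the
// browser check is advisory only. Framework-agnostic shape (assumed): takes
// the parsed JSON body and returns an HTTP status plus response body.
function handleSignupRequest(body) {
  const result = validatePassword(body && body.password);
  if (!result.ok) {
    return { status: 400, body: { error: result.error } };
  }
  // Password hashing and account creation would follow here; omitted because
  // this example only covers the length rule the issue asks for.
  return { status: 201, body: { ok: true } };
}

// Usage in the page (assumed element ids):
// attachPasswordValidation(document.getElementById("signup-form"));
// attachPasswordValidation(document.getElementById("login-form"));
```

The same validatePassword function is deliberately used on both sides so the client message and the server rejection never disagree. Note that rejecting short passwords at login only improves the user's feedback; accounts that were already created with 1- or 2-character passwords keep working until their owners change them, so the signup and password-change paths are where the rule actually protects the application.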
Environment
Repository: Blogverse
Browser: Brave/Chrome
Operating System: Linux
Additional Context
This issue severely impacts the security of the application by allowing users to create weak passwords, potentially leading to data breaches.