kflynn
commented
8 years ago Closing for now – eventually I think @janicedatawire is correct and we'll have to deal with this, but let's wrangle it once someone is willing to write a check with it and not without it.
I am not an advocate of requiring folks to jump through hoops with respect to password values, but there currently are no rules regarding password length or values as far as I can tell. I have used passwords that match my user name and my email address as well as passwords that are as short as 3 characters long. We should probably have/enforce some rudimentary password rules.