The signup page currently allows users to create a password of length 1. This poses a security risk as such short passwords are vulnerable to attacks, reducing the overall account security for users.
Steps to Reproduce
Navigate to the signup page.
Attempt to create an account using a password that is only 1 character long.
Observe that the system accepts the password and allows the account creation to proceed.
Expected Behavior
The system should enforce a minimum password length requirement (e.g., 8 characters) to ensure adequate security. A validation error should appear if a user attempts to enter a password shorter than this length, preventing account creation.
Actual Behavior
The signup page accepts passwords of any length, including those as short as one character, and allows the account creation to proceed without warning or error.
Recommended Solution
Implement a minimum password length validation on the signup page.
Display an error message if a user enters a password shorter than the required minimum length (e.g., "Password must be at least 8 characters long").
Consider additional password strength validations to encourage the use of complex passwords.
Summary
The signup page currently allows users to create a password of length 1. This poses a security risk as such short passwords are vulnerable to attacks, reducing the overall account security for users.
Steps to Reproduce
Expected Behavior
The system should enforce a minimum password length requirement (e.g., 8 characters) to ensure adequate security. A validation error should appear if a user attempts to enter a password shorter than this length, preventing account creation.
Actual Behavior
The signup page accepts passwords of any length, including those as short as one character, and allows the account creation to proceed without warning or error.
Recommended Solution