reactioncommerce / reaction-identity

Apache License 2.0

Set Password Strength for Meteor accounts login #11

Open jeffcorpuz opened 6 years ago

jeffcorpuz commented 6 years ago

Feature Request Description

There is no standard password strength checklist or a place where you can enable the strength of a password when creating accounts and/or resetting passwords.

i.e., you can create an account with a password with one character.

Possible Solution

Add the capability for an administrator to set up minimum password requirements. Add a reasonable default password requirement.

Examples:


Source: https://en.wikipedia.org/wiki/Password_strength

ticean commented 6 years ago

The issue title contains "OAuth/Hydra" but password policies are completely handled by the "Identity Provider", implemented by Reaction by the Meteor auth package. Hydra only issues tokens upon confirmation of the user login.

jeffcorpuz commented 6 years ago

@ticean Thanks for the clear-up! Edited the title to reflect it properly.

aldeed commented 6 years ago

Meteor's story on this seems to be that you should do it with a regular expression, or using something like zxcvbn in browser code. It seems possible to re-check on the server, but not easy given their default configuration.
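An added example, not part of any comment in this thread and not Reaction or Meteor code: a dependency-free policy check with an administrator-overridable default, of the kind the request describes, written as a plain function so it can run in browser code at sign-up and password reset. The policy shape, the default values, the function name and the sample deny-list are all assumptions made for illustration.

```javascript
// Added example. Policy shape, defaults and names are hypothetical,
// not Reaction or Meteor APIs.
const DEFAULT_POLICY = Object.freeze({
  minLength: 10,      // assumed default, not taken from the issue
  maxLength: 128,     // upper bound keeps hashing cost predictable
  minCharClasses: 2,  // out of: lowercase, uppercase, digit, other
  denyList: ["password", "1234567890", "qwertyuiop"], // constructed sample
});

// One regex per character class; no global flag, so test() is stateless.
const CHAR_CLASSES = [/\p{Ll}/u, /\p{Lu}/u, /\p{Nd}/u, /[^\p{L}\p{Nd}]/u];

// Returns every violated rule so the UI can show all problems at once.
function checkPassword(password, adminPolicy = {}, user = {}) {
  if (typeof password !== "string") {
    return { ok: false, violations: ["not-a-string"] };
  }
  const policy = { ...DEFAULT_POLICY, ...adminPolicy };
  const violations = [];

  const length = [...password].length; // code points, not UTF-16 units
  if (length < policy.minLength) violations.push("too-short");
  if (length > policy.maxLength) violations.push("too-long");

  const classes = CHAR_CLASSES.filter((re) => re.test(password)).length;
  if (classes < policy.minCharClasses) {
    violations.push("too-few-character-classes");
  }

  const lowered = password.toLowerCase();
  if (policy.denyList.some((entry) => entry.toLowerCase() === lowered)) {
    violations.push("common-password");
  }

  // Reject passwords built around the account's own e-mail name.
  const localPart = (user.email || "").split("@")[0].toLowerCase();
  if (localPart.length >= 3 && lowered.includes(localPart)) {
    violations.push("contains-email-name");
  }

  return { ok: violations.length === 0, violations };
}
```

Passing `{ minLength: 1, minCharClasses: 1 }` as the administrator policy reproduces the one-character case from the request, which is why the defaults apply whenever no override is supplied.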