Passwords should be more complex.

[eredisg]

According to OWASP Authetication Cheat Sheet, passwords should implement the following:

• Password must meet at least 3 out of the following 4 complexity rules
  • at least 1 uppercase character (A-Z)
  • at least 1 lowercase character (a-z)
  • at least 1 digit (0-9)
  • at least 1 special character (punctuation) — do not forget to treat space as special characters too
• at least 10 characters
• at most 128 characters
• not more than 2 identical characters in a row (e.g., 111 not allowed)

Having complex passwords reduces the risk of an attacker gaining access on a user's account via brute-force.

[eredisg]

I am willing to fix this issue. Just need the approval from @simon987

[simon987]

Thank you for your concerns. As of right now there is very little incentive to get access to a user's account, much less brute forcing it.

I personally do not see why forcing users to use a strong (and arguably easier to forget) password would be worthwhile.

However if you're willing to implement other kinds of security features like hidden tokens or login attempts limit that could be fun

Thank you again

[simon987]

Closing this for inactivity