[% ELSIF error == "password_too_short" %] [% title = "Password Too Short" %] The password is less than three characters long. It must be at least three characters. -- My company's product would complain about this. So, here I am complaining. There should be a way to set the minimium password length, and the error message should reflect that length. Or perhaps it shouldn't reflect the lenght. I dunno.

Could we also include a check box for: Passwords must include: [ ] Capital [ ] Digit [ ] Special Character

Due to security reason it should be more important than enhancement.

(In reply to comment #0) > [% ELSIF error == "password_too_short" %] > [% title = "Password Too Short" %] > The password is less than three characters long. It must be at least > three characters. This message has been fixed in bug 332598. Not sure we want a UI for this, though.

(In reply to comment #2) > Due to security reason it should be more important than enhancement. I would agree with this. This should be a higher priority.

(In reply to comment #4) > (In reply to comment #2) > > Due to security reason it should be more important than enhancement. > > I would agree with this. This should be a higher priority. Severity != Priority. This is still just an enhancement, but it could be ranked at a higher priority (currently only P4). Note that Bugzilla 3.6 (via bug 524368) increases the minimum password length from 3 to 6, which is definitely an improvement. However, it's trivial to change this minimum length in the code (just one line in Bugzilla/Constants.pm). I'd much rather see something like comment #1 added so better checks could be made on the password.

(In reply to comment #5) > Severity != Priority. This is still just an enhancement, but it could be ranked > at a higher priority (currently only P4). Note that Bugzilla 3.6 (via bug > 524368) increases the minimum password length from 3 to 6, which is definitely > an improvement. However, it's trivial to change this minimum length in the code > (just one line in Bugzilla/Constants.pm). > > I'd much rather see something like comment #1 added so better checks could be > made on the password. I would rather seem complexity requirements then length as stated in comment #1. I would think length should have the same option but as you pointed out, it is an easy change.

If you'd like complexity requirements instead, then that would belong on another bug. This bug is about the minimum password length, only.

(In reply to comment #7) > If you'd like complexity requirements instead, then that would belong on > another bug. This bug is about the minimum password length, only. agreed. we will be submitted another bug for complexity.

I don't think we want a parameter for this. 99% of installations probably won't change the default value at all (currently 6), and the remaining 1% may have an idea how to edit it. My vote to wontfix this bug. Bug 558803 makes much more sense.

The constant added in bug 524368 is relatively easy to change so I'd agree. Especially since lately we have been making UI more simple, not more complex. Although, marking WFM since technically we have done what description says (no mention of UI there). :)