envonge Posted May 14, 2009 Posted May 14, 2009 Why is the minimum password length only 3 characters? I see no option to change this in 3.0.0 RC1 and 2.3.6 just allows any number of characters even a single character. :rolleyes: I hope I'm just overlooking the option to change this because it would be sad on so many levels if IPB really set it up like this.
bfarber Posted May 15, 2009 Posted May 15, 2009 There's no setting for the minimum password length. Wouldn't be too hard to add one in the future.
Michael Posted May 15, 2009 Posted May 15, 2009 [quote name='envonge' date='14 May 2009 - 05:07 PM' timestamp='1242335275' post='1801829'] ...2.3.6 just allows any number of characters even a single character. :rolleyes: No, it didn't. 2.3.6 also required at least three characters for the password.
envonge Posted May 15, 2009 Author Posted May 15, 2009 [quote name='Μichael' date='15 May 2009 - 04:12 PM' timestamp='1242400330' post='1802137'] No, it didn't. 2.3.6 also required at least three characters for the password. Every 2.3.6 board I've tried allows 1 character passwords even a blank space.
Michael Posted May 15, 2009 Posted May 15, 2009 Maybe you can change your password after the fact to be just one character or a blank space, but you certainly cannot register an account that way. I know the code for the registration system pretty well, and I verified that it does check the password length there, and I have also tried to register at a 2.3.6 board with a single character password, and was told "The password section is incomplete". EDIT: Looking at the code now for changing a password, I do see that yes, you can change your password after the fact to a single character. So you're part right, I guess. Although why anyone would do that is beyond me.
bfarber Posted May 15, 2009 Posted May 15, 2009 I am not of the opinion that one should enforce THEIR personal password systems upon others. I hate some of the sites I visit because you must have x number of chars and at least x must be letters or numbers and you must have x number of special characters - quite frankly it's my account and I should be the one concerned with whether it gets hacked or not (so long as I do not have some sort of elevated access). That said, as I said before, it wouldn't be difficult to add a setting for this.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.