Which begs the question... Why can I register a new account on my forums with exactly that password (which is only 5 characters long)? Why can a new member, in fact, register an account with as few as 3 characters as a password?...
I realise that new (or existing) members don't get access to your ACP unless you give it to them... but that's exactly what I'm about to do with two of my existing members (albeit restricted access). How can I be sure that they're using secure passwords without actually having to check up on them first?
Surely the IPB registration form can be changed/enhanced to force all new members to choose much more secure passwords in the first place? I mean, there are countless websites (like banks) that include something like, "Your password must be at least 7 characters long and include at least 3 letters and 3 numbers"... (or whatever it is). Yet Invision considers 3 characters to be a strong password?
