Skip to content

increase default password length validation to minimum 12 characters #5685

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

increase default password length validation to minimum 12 characters #5685

wants to merge 1 commit into from

Conversation

@gregmolnar
Copy link
Contributor

No description provided.

@salzig
Copy link

salzig commented Mar 9, 2025

I like this change. It's simple and increases the security for default installations. I expect all developers to already use password managers that generate passwords that are mostly longer than 20chars. So this is only helping people to choose a more secure password not already using a password manager.

We need to remember that there are a lot of people not using a password manager, which would really use 6 chars long passwords when possible.

@salzig salzig mentioned this pull request Mar 9, 2025
Closed
@fthobe
Copy link

fthobe commented Mar 9, 2025

@gregmolnar @salzig Can I say that I agree with both of you on this.

kykyi
kykyi approved these changes Mar 9, 2025
View reviewed changes
Copy link

@kykyi kykyi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a maintainer but want to show my support 😄

@gregmolnar
Copy link
Contributor Author

I just realized that this would be a breaking change, so I will rework it. Ideally when a password is updated the new length would be required, I will look into how to make that happen.

@gregmolnar gregmolnar marked this pull request as draft March 14, 2025 10:29
@fthobe
Copy link

fthobe commented Mar 14, 2025

And just like that he almost broke the entire rails based internet 😂😂😂

@gregmolnar
Copy link
Contributor Author

And just like that he almost broke the entire rails based internet 😂😂😂

Wouldn't be the first time, nor the last time :)
If it would be merged to a major release it would be fine I think, but we can do better, I just need to find some time to do some changes.

@fthobe
Copy link

fthobe commented Mar 15, 2025

@gregmolnar i start to have the Impression that no one is merging anything here TBH

@gregmolnar gregmolnar marked this pull request as ready for review March 15, 2025 11:36
@gregmolnar
Copy link
Contributor Author

I changed this to set the new minimum length for newly generated configs. Let's see it maintenance picks up and then I will work on rolling this out on password updates too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@salzig salzig salzig approved these changes

@kykyi kykyi kykyi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@gregmolnar @salzig @fthobe @kykyi