👯♂️ See also: T208246: Change password length requirement and ensure enforcement for privileged users (from 8 to 10)
🛑 This ticket is blocked by T211621: The 'your password is weak' message should display on log in for privileged accounts only
Info
We need to modify the required lengths of passwords. Specifically, these changes should be made:
- Increase minimum password length for all non-privileged accounts from 1 to 8.
- When a person creates a new account and their password does not match these requirements, the API or the UI should return an appropriate error message.
- These error messages already exist, but should be updated to display the new accurate information.
- If a non-privileged user logs in with a password that does not meet these requirements, they should not be messaged about their password strength. (See T211621)
- If a non-privileged user resets their password, the new password must meet the latest requirements
Acceptance criteria
- New password minimum length of 8 for new accounts is enforced on account creation and password reset
- Error messages display as needed and display accurate information
- No other user-facing change for non-privileged accounts