
increase default password length validation to minimum 12 characters

Open gregmolnar opened this issue 1 year ago • 7 comments

gregmolnar avatar Apr 16 '24 14:04 gregmolnar

I like this change. It's simple and increases the security for default installations. I expect all developers to already use password managers that generate passwords that are mostly longer than 20 chars. So this is only helping people not already using a password manager to choose a more secure password.

We need to remember that there are a lot of people not using a password manager, who would really use 6-char-long passwords when possible.

salzig avatar Mar 09 '25 12:03 salzig

@gregmolnar @salzig Can I say that I agree with both of you on this.

fthobe avatar Mar 09 '25 22:03 fthobe

I just realized that this would be a breaking change, so I will rework it. Ideally when a password is updated the new length would be required, I will look into how to make that happen.

gregmolnar avatar Mar 14 '25 10:03 gregmolnar

And just like that he almost broke the entire rails based internet 😂😂😂

fthobe avatar Mar 14 '25 14:03 fthobe

> And just like that he almost broke the entire rails based internet 😂😂😂

Wouldn't be the first time, nor the last time :) If it would be merged to a major release it would be fine I think, but we can do better, I just need to find some time to do some changes.

gregmolnar avatar Mar 14 '25 17:03 gregmolnar

@gregmolnar I start to have the impression that no one is merging anything here TBH

fthobe avatar Mar 15 '25 11:03 fthobe

I changed this to set the new minimum length for newly generated configs. Let's see if maintenance picks up and then I will work on rolling this out on password updates too.

gregmolnar avatar Mar 15 '25 11:03 gregmolnar
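
The rollout discussed in this thread (keep existing accounts working, require the longer minimum only when a password is set or changed), as an added sketch in plain Ruby that is not code from this pull request or from Devise. `Account`, `MIN_LENGTH`, and the PBKDF2 hashing are hypothetical stand-ins for an application's own model and password hashing.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for a user record; not Devise's implementation.
class Account
  MIN_LENGTH = 12       # the new minimum proposed in this issue
  ITERATIONS = 10_000   # constructed value, kept low so the example runs fast

  # Simulates a row created before the policy change: the digest is stored
  # without any length check, as it would already exist in the database.
  def self.legacy(password)
    new.tap { |account| account.send(:store, password) }
  end

  # The length policy is enforced only here, when a password is set or changed.
  def change_password(candidate)
    return false if candidate.length < MIN_LENGTH
    store(candidate)
    true
  end

  # Sign-in compares digests only, so accounts whose passwords predate the
  # new minimum are not locked out by the policy change.
  def authenticate(candidate)
    return false unless @digest
    OpenSSL.fixed_length_secure_compare(@digest, digest_for(candidate))
  end

  private

  def store(password)
    @salt = SecureRandom.bytes(16)
    @digest = digest_for(password)
  end

  def digest_for(password)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: @salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256")
  end
end
```

A rejected change leaves the stored digest untouched, so the old password keeps working until a compliant one is chosen.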