Comment 1 for bug 1541171

Aaron Wells (u-aaronw) wrote :

Hi Kristina,

I wasn't able to replicate this issue. When I tried to create a three-letter password, either on my own account settings page, or in the "Administration -> Users -> Add user" page, I got an error message telling me my password must be at least six characters long.

And looking at the "is_password_valid()" method in htdocs/auth/internal.php, I see that the current limitation on passwords seems to be this regular expression:

/^[a-zA-Z0-9 ~!@#\$%\^&\*\(\)_\-=\+\,\.<>\/\?;:"\[\]\{\}\\|`\']{6,}$/

In other words at least 6 characters, with the allowed list of characters being basically everything on a QWERTY keyboard. And there doesn't seem to be any upper limit. (I set my password to something that was 168 characters long, with no problem.)

Can you clarify if there's a screen I'm missing or something?