Discussion in the OSC meeting clarified this for me, consensus is that OSC should handle empty passwords for auth and not place any restrictions or validation when setting the password.
Discussion in the OSC meeting clarified this for me, consensus is that OSC should handle empty passwords for auth and not place any restrictions or validation when setting the password.