As part of the code reorganization for the next version of XMB, I've decided to impose a minimum password length for all new members, which would also apply to password changes for existing members. This was never done in the past, so in theory a password could be set to 'A' and offer very little account protection.

Does anyone want to comment about what is too low or too high for a minimum length?

Eh, idiots will set idiotic passwords regardless of length. It's their own fault if they set it to something like that, not the admin's.

8 characters seems reasonable enough to me.

inb4 someone suggests we scrap passwords and use public keys instead

Quote:

[Wed Jun 11 21:34:45.628774 2025] [php:error] [pid 6436:tid 6436] [client 127.0.0.1:49338] PHP Fatal error: Uncaught Error: Call to a member function error() on null in /srv/www/htdocs/include/functions.inc.php:2150\nStack trace:\n#0 /srv/www/htdocs/member.php(279): XMB\\Core->assertPasswordPolicy()\n#1 {main}\n thrown in /srv/www/htdocs/include/functions.inc.php on line 2150, referer: http://localhost/member.php?action=reg

Is this related to this proposal, or is it just another bug? :p

Simple typo. I will check if I can tweak that without messing up my local clone.