Item2556: Increase default {MinPasswordLength} to 7 characters
Priority: Enhancement
Current State: Closed
Released In: 1.0.9, 1.1.0
Target Release: patch
Applies To: Engine
Component:
Branches:
The minimum password length out of the box on trunk and release branches at the moment is 1 character.
Are there any objections to increasing the default? 6 characters maybe?
--
PaulHarvey - 02 Jan 2010
No objections.
--
GilmarSantosJr - 02 Jan 2010
I had some trouble choosing a number.
I chose 7 characters because that's what Microsoft chose for their Server2003 product.
If users dislike this then they can change it in their configure settings (at least they're actively lowering it, instead of the previous situation which was that admins may not have realised the default minimum is only 1 char).
--
PaulHarvey - 05 Jan 2010
IMHO, 6 would be a nice default, as it is the default for many applications (at least the great majority of the ones I use).
--
GilmarSantosJr - 07 Jan 2010
Do you have an example application to study? E.g. Gmail is 8 characters, I'm pretty sure Yahoo is too.
We could always make it 15 chars and promote passphrases instead!
--
PaulHarvey - 07 Jan 2010
I like the 7 char proposal (if users realize that they can't use the 6 char pwd they use for other apps, this may be a good thing; OTOH, they can always shout at the admins to lower the default to 6 or so like Gilmar suggested).
Of course, we could raise the default even more (the-wiki-engine-with-the-longest-default-password-length-are-us?), but I guess in most organizations this will be handled by means of integrated solutions (LDAP or other) anyway to provide a single-sign-on solution. Six chars should be the absolute minimum, though.
--
MarkusUeberall - 07 Jan 2010
If GMail is 8 and Microsoft uses 7, then I'm outdated... anyway I encourage users to use at least 8
--
GilmarSantosJr - 07 Jan 2010
I think 7 is a fine choice.
--
KennethLavrsen - 09 Jan 2010