On Tue, 27 Sept 2022 at 16:48, Jeffrey Walton <noloader@gmail.com> wrote:

I was wandering through
https://www.cryptopp.com/wiki/Special:PasswordPolicies , which comes
from Mediawiki 1.38.2.

The first line for Autoconfirmed Users says:

Password must be at least 1 character long
(MinimalPasswordLength) (suggest change on login)

I think there are several problems with the page in general and text
in particular. First, a 1 character password is not really acceptable
in practice. It is probably time to increase the size of a minimum
password, to something like 16.

That is the default for unprivileged users, yes. The default for bots, sysops, interface-admins, and bureaucrats is 10. Obviously each wiki's sysadmins can set it whatever they like. Raising the default to some value above 1 (before MW 1.27 in 2015 the default was 0) is a nice idea, though potentially breaking a few users' set-ups. We raised it to 8 for Wikimedia accounts years ago, so I'll propose this change for MW 1.40.

Second, the referenced variable, MinimalPasswordLength, is deprecated.
Or $wgMinimalPasswordLength is deprecated.
https://www.mediawiki.org/wiki/Manual:$wgMinimalPasswordLength

It might be a good idea for someone to visit the documentation for
Special:PasswordPolicies and maybe update it.

That's not a variable, it's the flag for wgPasswordPolicy. See https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy for more details.

James D. Forrester (he/him or they/themself)

Wikimedia Foundation