Hi everyone,
For some time now we've had two Requests for Comment floating around
related to passwords, neither of them making much progress.
One is the older "password strength" RFC which proposed creating a module
to tell users about the strength of their passwords. The second, "Password
requirements", had some discussion but wasn't reaching consensus and
implementation.
After proposing it about a month ago, I've merged these two RFCs and
refactored them in to
https://www.mediawiki.org/wiki/Requests_for_comment/Passwords, partially
based on feedback from Chris Steipp.
Please comment. I've tried to sharpen the proposals down in to one thing we
can do _right now_ which will do the most good for the most users. However,
there are several other viable ideas which merit discussion and example
implementations.
Thanks!
Steven