Hi everyone,
For some time now we've had two Requests for Comment floating around related to passwords, neither of them making much progress.
One is the older "password strength" RFC which proposed creating a module to tell users about the strength of their passwords. The second, "Password requirements", had some discussion but wasn't reaching consensus and implementation.
After proposing it about a month ago, I've merged these two RFCs and refactored them in to https://www.mediawiki.org/wiki/Requests_for_comment/Passwords, partially based on feedback from Chris Steipp.
Please comment. I've tried to sharpen the proposals down in to one thing we can do _right now_ which will do the most good for the most users. However, there are several other viable ideas which merit discussion and example implementations.
Thanks!
Steven