force strong passwords
From @nomoon: Some good thoughts here: https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/
TL;DR:
Minimum 8 characters, maximum 64+. Accept all ASCII/Unicode printable characters. If possible, check against a known-bad dictionary of passwords. No composition rules. No hints. No time-based password expiration policy.
https://github.com/cdli-gh/Framework/issues/52
Rules:
- Password length: 8 (min) to 256 (max) characters
Checklist
- Implement rules.
- Test on register page
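
The rules above expressed as a validator, added here as an example and not code from the Framework project. The function names, the NFKC normalization step and the small bad-password set are assumptions; the 8 and 256 limits come from the Rules section.

```python
import unicodedata

MIN_LENGTH = 8     # from the Rules section
MAX_LENGTH = 256   # from the Rules section

# Constructed sample; a deployment would load a large breached-password list.
KNOWN_BAD = {"password", "12345678", "qwertyuiop", "letmein123"}

# Unicode general categories treated as non-printable (assumption):
# control, surrogate, private use, unassigned, line and paragraph separators.
REJECTED_CATEGORIES = {"Cc", "Cs", "Co", "Cn", "Zl", "Zp"}


def normalize(password):
    """NFKC-normalize so equivalent Unicode input is counted and compared the same way."""
    return unicodedata.normalize("NFKC", password)


def check_password(password, known_bad=KNOWN_BAD):
    """Return a list of rule violations; an empty list means the password is accepted."""
    errors = []
    pw = normalize(password)

    # Length is measured in code points after normalization, not in bytes,
    # so multi-byte characters are not double-counted.
    if len(pw) < MIN_LENGTH:
        errors.append("too_short")
    if len(pw) > MAX_LENGTH:
        errors.append("too_long")

    # Any printable character is allowed, spaces included; no composition rules.
    if any(unicodedata.category(ch) in REJECTED_CATEGORIES for ch in pw):
        errors.append("non_printable")

    # Compare case-insensitively against the known-bad list.
    if pw.casefold() in known_bad:
        errors.append("known_bad")

    return errors


if __name__ == "__main__":
    for candidate in ["short", "Password", "correct horse battery staple"]:
        print(repr(candidate), check_password(candidate))
```

The same check should run server-side on the register page and on any password-change form, with the normalized value being the one that is hashed.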