- Issue created by @alexmoreno
- 🇬🇧United Kingdom rachel_norfolk UK
Adding more information to guide people giving feedback...
- 🇵🇱Poland mscieszka
1. I would consider requiring a longer password length than 6 characters as it is more important for security reasons than a really short password even with special characters.
2. It is a best practice to lock a user out if they use an incorrect password multiple times. I don't know if such a mechanism is currently in place, just wanted to mention it.
3. There are ways to check if a password that a user provides has been compromised in a data leak. For example, an API like https://haveibeenpwned.com/API/v3#PwnedPasswords can do this.
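
The breached-password check from point 3, sketched as an added example that is not part of the original thread or of the project's code. It uses the k-anonymity range lookup of the Pwned Passwords API, so only the first five characters of the SHA-1 hash leave the server. The function names are hypothetical, the endpoint URL is the service's public one rather than something stated in this thread, and the API response is a constructed stand-in so the example runs offline.

```python
import hashlib
import urllib.request

# Not on the page: the public range endpoint of the Pwned Passwords service.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix, range_body):
    """Look up our suffix in a 'SUFFIX:COUNT' response body; 0 means not listed."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # padded responses carry entries with count 0
    return 0


def is_compromised(password, fetch_range):
    """Only the 5-char prefix is handed to fetch_range; matching is done locally."""
    prefix, suffix = split_hash(password)
    return breach_count(suffix, fetch_range(prefix)) > 0


def fetch_range_http(prefix):
    """Live lookup (not called here, so the example runs offline)."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=5) as resp:
        return resp.read().decode("utf-8")


SEEN_PREFIXES = []  # records everything that would have been sent to the API


def constructed_fetch(prefix):
    """Constructed stand-in for the API, built from a made-up leak list."""
    SEEN_PREFIXES.append(prefix)
    leaked = {"password": 3, "letmein": 7}  # constructed passwords and counts
    rows = []
    for pw, seen in leaked.items():
        pw_prefix, pw_suffix = split_hash(pw)
        if pw_prefix == prefix:
            rows.append(f"{pw_suffix}:{seen}")
    rows.append("0" * 35 + ":0")  # constructed padding entry
    return "\r\n".join(rows)


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(repr(pw), "compromised:", is_compromised(pw, constructed_fetch))
    print("sent to API:", SEEN_PREFIXES)
```

Passing `fetch_range_http` instead of `constructed_fetch` performs the real lookup; the caller still has to decide whether a failed request blocks the password change or lets it through.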