So, I’m working on an Android app, and wanted to do basic password checking in the login form, so I thought I’d see what the Spark Cloud allows, via experimentation. It seems that it will even allow passwords of only one character!? That seems like a bit of a security risk if you ask me. Could at least some basic length checking be implemented? For reference, there is now an account with user/pass firstname.lastname@example.org/a Feel free to use/ delete that account…
Good question! We kept the requirements very minimal at the start, but as people use their accounts more and more, I agree that it’s a good idea to enforce some minimal length. We do have an internal issue open for minimum password length, but I’d also like to add 2-factor auth before too long, and some other fun security features. I’ll open some internal issues for these so they don’t get lost.