Look into the requested password changes outlined in T205931: Specialist support for 2018/19 password strengthening project and prepare a technical plan and needed Phabricator tickets for implementing the changes.
- Increase minimum password length for all newly created accounts from 1 to 8.
- Increase minimum password length for all admin accounts from 8 to 10.
- All newly created accounts and admin accounts must have a password outside the top 100,000 popular passwords. (Current is 100.) — Handled by T151425.
- When a person creates a new account and their password does not match these requirements, the API or the UI should return an appropriate error message.
- When an admin logs in with a password that does not match the requirements, they should see a notification that their password does not match the requirements. (This notification already exists.)
- No change for existing non-admin accounts.
Things to investigate/do