🛑 This ticket is blocked by T211621: The 'your password is weak' message should display on log in for privileged accounts only
We need to modify the required lengths of passwords. Specifically, these changes should be made:
- Increase minimum password length for all non-privileged accounts from 1 to 8.
- When a person creates a new account and their password does not match these requirements, the API or the UI should return an appropriate error message.
- These error messages already exist, but should be updated to display the new accurate information.
- If a non-privileged user logs in with a password that does not meet these requirements, they should not be messaged about their password strength. (See T211621)
- If a non-privileged user resets their password, the new password must meet the latest requirements
- New password minimum length of 8 for new accounts is enforced on account creation and password reset
- Error messages display as needed and display accurate information
- No other user-facing change for non-privileged accounts