From f0d80529517eddac9432daab9984c38784528a76 Mon Sep 17 00:00:00 2001 From: Kegan Dougal Date: Wed, 14 Oct 2015 15:42:44 +0100 Subject: [PATCH] SPEC-205: Warn about password strengths in m.login.password section --- specification/1-client_server_api.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/specification/1-client_server_api.rst b/specification/1-client_server_api.rst index 59e6b68e..a63c114a 100644 --- a/specification/1-client_server_api.rst +++ b/specification/1-client_server_api.rst @@ -215,6 +215,12 @@ To respond to this type, reply with an auth dict as follows:: "password": "" } +.. WARNING:: + Clients SHOULD enforce that the password provided is suitably complex. The + password SHOULD include a lower-case letter, an upper-case letter, a number + and a symbol and be at a minimum 8 characters in length. Servers MAY reject + weak passwords with an error code ``M_WEAK_PASSWORD``. + Google ReCaptcha ~~~~~~~~~~~~~~~~ :Type: