Merge pull request #104 from matrix-org/spec-205-password-strength

SPEC-205: Warn about password strengths in m.login.password section
2015-10-14 17:45:42 +01:00 · 2015-10-14 17:45:42 +01:00 · dd5b41e99c
commit dd5b41e99c
parent a7332c8684 f0d8052951
1 changed files with 6 additions and 0 deletions
--- a/specification/1-client_server_api.rst
+++ b/specification/1-client_server_api.rst
@ -215,6 +215,12 @@ To respond to this type, reply with an auth dict as follows::
    "password": "<password>"
  }

+.. WARNING::
+  Clients SHOULD enforce that the password provided is suitably complex. The
+  password SHOULD include a lower-case letter, an upper-case letter, a number
+  and a symbol and be at a minimum 8 characters in length. Servers MAY reject
+  weak passwords with an error code ``M_WEAK_PASSWORD``.
+
 Google ReCaptcha
 ~~~~~~~~~~~~~~~~
 :Type: