This is important as it will help increase the security of the data stored in Matomo, by ensuring that all users have strong passwords and are forced to set one.
By default, we should use an existing/standard set of strong password checks.
How much do we let super users customise the password policy details (minimum number of characters, etc.)?
Here is what it looks like in discourse, which would be a great place to start:
Here is the text version:
- min password length: Minimum password length.
- min admin password length: Minimum password length for Admin.
- password unique characters: Minimum number of unique characters that a password must have.
- block common passwords: Don't allow passwords that are in the 10,000 most common passwords.
If we implement the "Don't allow passwords that are in the 10,000 most common passwords" check, this would be similar to, but different from, https://plugins.matomo.org/PasswordVerifier#description, which sends some hash of the password to an API (which we wouldn't want to do).
There is also a plugin for password policy, but we wouldn't do it exactly like that plugin (we would rather do it like Discourse does, see above): https://plugins.matomo.org/PasswordPolicyEnforcer#preview
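As an added illustration of the four Discourse-style checks listed above, done entirely locally (no password or hash is sent to any API), here is a small Python example. This is not Matomo's, Discourse's or either plugin's code; the default policy values, the `PasswordPolicy` / `check_password` names and the tiny `COMMON_PASSWORDS` list (a constructed stand-in for a 10,000-entry list shipped with the application) are all assumptions made for the example, as is the choice to compare against the common-password list case-insensitively.

```python
"""Added example: Discourse-style password policy checks, evaluated locally.

Illustrative code written for this issue, not Matomo's or Discourse's
implementation. The policy fields mirror the Discourse settings listed
above; the common-password list is a small constructed stand-in for a
10,000-entry list that would ship with the application, so no password
or password hash ever leaves the process.
"""
from dataclasses import dataclass

# Constructed stand-in for the "10,000 most common passwords" list.
COMMON_PASSWORDS = frozenset({
    "123456", "password", "12345678", "qwerty", "abc123",
    "password1", "letmein", "welcome", "monkey", "iloveyou",
})


@dataclass(frozen=True)
class PasswordPolicy:
    """Settings a super user could customise; defaults are assumed values."""
    min_password_length: int = 10
    min_admin_password_length: int = 15
    password_unique_characters: int = 5
    block_common_passwords: bool = True
    common_passwords: frozenset = COMMON_PASSWORDS


def check_password(password: str, policy: PasswordPolicy, is_admin: bool = False) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable.

    All violations are reported at once so the user can fix them in one go.
    """
    problems = []

    # Admins (super users) get the stricter length requirement.
    required = policy.min_admin_password_length if is_admin else policy.min_password_length
    if len(password) < required:
        problems.append(f"must be at least {required} characters (got {len(password)})")

    # Unique-character check defeats padding like "aaaaaaaaaaaa".
    unique = len(set(password))
    if unique < policy.password_unique_characters:
        problems.append(
            f"must contain at least {policy.password_unique_characters} "
            f"unique characters (got {unique})"
        )

    # Local blocklist lookup; case-insensitive by assumption so "Password"
    # is rejected alongside "password".
    if policy.block_common_passwords and password.lower() in policy.common_passwords:
        problems.append("is among the most common passwords")

    return problems


if __name__ == "__main__":
    policy = PasswordPolicy()
    for candidate, admin in [("password", False), ("aaaaaaaaaaaa", True),
                             ("correct-horse-battery", True)]:
        result = check_password(candidate, policy, is_admin=admin)
        print(f"{candidate!r} (admin={admin}): {result or 'OK'}")
```

Keeping the list in memory as a set makes the check O(1) per attempt, and because the comparison happens on the server the password never needs to be hashed or transmitted to a third party for this check.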