= Customize password requirements

By default, Rodauth requires passwords to have at least 6 characters. You can
modify the minimum length:

  plugin :rodauth do
    enable :login, :logout, :create_account

    # Require passwords to have at least 8 characters
    password_minimum_length 8
  end

You can use the {disallow common passwords feature}[rdoc-ref:doc/disallow_common_passwords.rdoc]
to prevent the usage of common passwords (the most common 10,000 by default).

You can use additional complexity checks on passwords via the {password
complexity feature}[rdoc-ref:doc/password_complexity.rdoc], though most of
those complexity checks are no longer considered modern security best
practices and are likely to decrease overall security.

If you want complete control over whether passwords meet requirements, you
can use the <tt>password_meets_requirements?</tt> configuration method.

  plugin :rodauth do
    enable :login, :logout, :create_account

    password_meets_requirements? do |password|
      #true if password meets requirements, false otherwise
    end
  end