Improve password security - length and characters

[jrtricafort]

Describe the solution you'd like

• Increase minimum length of passwords.
• Make sure we are allowing all characters that should be valid.
• Verify we allow and can store unicode characters - if we can't store them, don't allow them
• Notify users that they'll need to change their password once this runs
  [more?]

Aha! Link: https://ushahiditeam.aha.io/features/PROD-320

[rjmackay]

Added:
Verify we allow and can store unicode characters - if we can't store them, don't allow them

[tuxpiper]

Notify users that they'll need to change their password once this runs

I'd say this is a side task that concerns mainly our SaaS and may be of lower priority to the rest.

I'd suggest to drop it from the description and go ahead with this issue in an upcoming release.

[tuxpiper]

Side-note: initially I thought that there should probably be additional requirements such as use of digits, symbols, mixed-case ... but then I realized we probably not have yet a very good UI to communicate such sophistication of requirements, and hence lots of users may end up being annoyed.

[Erioldoesdesign]

@tuxpiper We for sure don't have intelligent UI that updates a password criteria list with nice green ticks as most password thingy do nowadays but we can certainly add in helper text that suggest a password contain 1 capital letter, symbol and numbers.

[CeciliaHinga]

@tuxpiper I guess this was already discussed