
Increasing devise's default password length #5591

Open
angelamchoi opened this issue Apr 27, 2023 · 1 comment

Comments


angelamchoi commented Apr 27, 2023

Hi @carlosantoniodasilva and Devise team!

Currently, Devise's minimum password length is 6 characters, without any strict requirements on uppercase and lowercase letters, numbers and symbols. For example, 123456 would be an acceptable password. I wanted to know if Devise would consider increasing the default password length to a minimum of 10-12 characters with stronger password requirements, such as requiring uppercase, lowercase, letters, and/or symbols, to ensure all users have a secure password. I have attached an image for more information. I would love to work on this issue.

Please let me know if you have any questions.

Thank you.

[attached image: not reproduced in this text extract]


kykyi commented Aug 27, 2024

Great call @angelamchoi! @carlosantoniodasilva and Devise team, can I open a PR adding some config which essentially does this?

```ruby
# devise initializer (config/initializers/devise.rb)
Devise.setup do |config|
  config.password_length = 8..128 # existing Devise option
  # Proposed new options (not in Devise today); each one would toggle a check below
  config.password_require_lower_case = true
  config.password_require_upper_case = true
  config.password_require_special_character = true
  config.password_require_number = true
end

# on devise model (e.g. app/models/user.rb)
validate :password_complexity

def password_complexity
  # Skip when no password is being set (e.g. updating other attributes);
  # minimum/maximum length is already enforced by config.password_length.
  return if password.blank?

  lower_case_regex = /(?=.*[a-z])/
  upper_case_regex = /(?=.*[A-Z])/
  digit_regex = /(?=.*[0-9])/
  special_char_regex = /(?=.*[\W])/ # any non-word character: punctuation, symbols, whitespace

  [
    [lower_case_regex, :no_lowercase],
    [upper_case_regex, :no_uppercase],
    [digit_regex, :no_digit],
    [special_char_regex, :no_special]
  ].each do |regex, error|
    errors.add :password, error unless password.match?(regex)
  end
end
```
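As an added example, not part of the issue thread and not Devise's own code: the same rules proposed above (a length range plus required character classes) expressed as a stand-alone Ruby policy object, so the behaviour can be exercised outside Rails and shows exactly which checks 123456 and similar passwords fail. The class name, the `:blank`/`:too_short`/`:too_long` symbols, the constructor options and the sample passwords are assumptions constructed for this example; the error symbols for character classes are the ones used in the comment.

```ruby
# Added example (not Devise's or the commenter's code): a policy object that
# applies the proposed rules outside Rails so they can be tested in isolation.
require 'set'

class PasswordPolicy
  # Each rule pairs a character-class regex with the error symbol from the proposal.
  CLASS_RULES = {
    lower_case:        [/[a-z]/, :no_lowercase],
    upper_case:        [/[A-Z]/, :no_uppercase],
    number:            [/[0-9]/, :no_digit],
    # Any non-alphanumeric character counts as "special", including whitespace,
    # so passphrases with spaces satisfy this rule.
    special_character: [/[^[:alnum:]]/, :no_special]
  }.freeze

  # Defaults mirror the values proposed in the comment: 8..128 with every class required.
  def initialize(length: 8..128, required: CLASS_RULES.keys)
    @length = length
    @required = required.to_set
  end

  # Returns an array of error symbols; an empty array means the policy is satisfied.
  def errors_for(password)
    # Edge case: nil or whitespace-only input is rejected outright rather than
    # raising NoMethodError on nil.
    return [:blank] if password.nil? || password.strip.empty?

    errors = []
    # String#length counts characters, not bytes, so multibyte passwords are
    # measured by what the user actually typed.
    errors << :too_short if password.length < @length.min
    errors << :too_long  if password.length > @length.max
    CLASS_RULES.each do |name, (regex, error)|
      next unless @required.include?(name)
      errors << error unless password.match?(regex)
    end
    errors
  end

  def valid?(password)
    errors_for(password).empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  policy = PasswordPolicy.new
  # Constructed sample passwords, from the issue's own 123456 example upward.
  ['123456', 'password', 'Correct-Horse-9', 'correct horse battery'].each do |pw|
    puts "#{pw.inspect}: #{policy.errors_for(pw).inspect}"
  end
end
```

Returning every failing rule at once (rather than stopping at the first) matches how Devise accumulates `errors.add` calls in the model validator, so a form can show the user all the reasons a password was rejected in one round trip.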
