I've done an informal poll, showing the help text for the "Digit Placement" constraint to a few people. I'm not the only one who found it confusing:
Minimum number of digits in the password to allow a digit in the first or last position in the password (e.g. 2abcdefg and abcdefg4 are unacceptable passwords, while 2qpcxrm3 and 99qpcxrm are allowed passwords when 2 is set here).
I went back and read the #316768: set restrictions on placement of numbers issue responsible for adding the constraint and one comment in particular gave me a much better understanding of what it is intended to do. Based on that, I'm proposing updating the help text to instead read:
Minimum number of digits necessary in the password overall, to allow a digits as the first or last characters in the password. For example, set to 2, the passwords 2abcdefg and abcdefg4 are unacceptable, while 2qpcxrm3 and 9qpcx9rm are allowed. This is intended to prevent changing passwords by incrementing a single digit, such as password1, password2, password3.
| Comment | File | Size | Author |
|---|---|---|---|
| digit_placement_constraint_text.patch | 1.08 KB | matt v. |
Comments
Comment #1
erikwebb commentedCommitted and attributed.
http://drupalcode.org/project/password_policy.git/commit/a999cbf