Improving the security of Drupal authentication

By default, Drupal has very lax password requirements for user accounts. When you create an account, Drupal will evaluate your password as “weak”, “good”, or “strong”. Depending on the password you enter, Drupal may suggest that you:

  • Make it at least 6 characters
  • Add uppercase (or lowercase) letters
  • Add numbers
  • Add punctuation

That said, by default, Drupal won’t stop you from creating a user account with a weak password.
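One way to turn the suggestions above into a hard requirement, as an added example that is not from the original article or from Drupal core: a small custom module, assuming Drupal 7's form API, that rejects on the server side any password failing one of the four checks. The module name `pwenforce` and its function names are hypothetical.

```php
<?php
/**
 * @file
 * pwenforce.module: hypothetical custom module (the name is an assumption).
 * Assumes Drupal 7's form API; this is not Drupal core code.
 */

/**
 * Returns the requirements a candidate password does not meet.
 * The checks mirror the four suggestions shown by the strength indicator.
 */
function pwenforce_unmet_requirements($password) {
  $unmet = array();
  if (drupal_strlen($password) < 6) {
    $unmet[] = t('make it at least 6 characters');
  }
  // \p{Lu} and \p{Ll} match upper- and lowercase letters in any script.
  // preg_match() returns FALSE on invalid UTF-8, which also counts as unmet.
  if (!preg_match('/\p{Lu}/u', $password) || !preg_match('/\p{Ll}/u', $password)) {
    $unmet[] = t('use both uppercase and lowercase letters');
  }
  if (!preg_match('/\p{Nd}/u', $password)) {
    $unmet[] = t('add numbers');
  }
  if (!preg_match('/[\p{P}\p{S}]/u', $password)) {
    $unmet[] = t('add punctuation');
  }
  return $unmet;
}

/** Implements hook_form_FORM_ID_alter() for the registration form. */
function pwenforce_form_user_register_form_alter(&$form, &$form_state, $form_id) {
  $form['#validate'][] = 'pwenforce_validate_password';
}

/** Implements hook_form_FORM_ID_alter() for the account edit form. */
function pwenforce_form_user_profile_form_alter(&$form, &$form_state, $form_id) {
  $form['#validate'][] = 'pwenforce_validate_password';
}

/** Form validation handler: blocks submission instead of only advising. */
function pwenforce_validate_password($form, &$form_state) {
  $password = isset($form_state['values']['pass']) ? $form_state['values']['pass'] : '';
  if ($password === '') {
    return; // No password submitted (e.g. profile edit without a change).
  }
  if ($unmet = pwenforce_unmet_requirements($password)) {
    form_set_error('pass', t('Password rejected: @reasons.', array('@reasons' => implode('; ', $unmet))));
  }
}
```

The handler only covers passwords submitted through these two forms; accounts created programmatically (for example through `user_save()`) bypass form validation and need a separate check.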