Hi The default behavior for registration is that a user can register without password if he just let the pass field empty is not this wrong? Is not it better to add a line to the db.py in it like:
db.auth_user.password.requires = [IS_NOT_EMPTY()] to enforce this behavior for any application created?