Actually, by default, Auth requires a password of at least 4 characters, which is enforced by the CRYPT validator. If you enter 1-3 characters, you'll get an error. However, it you leave it blank, it appears that CRYPT will automatically insert a uuid as the password (I'm not sure why). If you want to allow empty passwords (probably not), you can do:
auth.settings.password_min_length = 0 If you want to enforce a minimum length but ensure an empty password isn't submitted, you can probably do: auth.settings.table_user[auth.settings.password_field].requires.insert(0, IS_NOT_EMPTY()) or auth.settings.table_user[auth.settings.password_field].requires.insert(0, IS_STRONG(...)) That will insert a validator before the CRYPT validator to make the sure the password isn't empty or satisfies some minimal requirements. Anthony On Saturday, October 22, 2011 9:11:02 AM UTC-4, horridohobbyist wrote: > > Why is password not a required field in registration? > > I just found that if you don't enter a password, you can't login, even > though registration was successful. Apparently, login will not accept > an empty password. > > Richard
