> > Note also that it DOES allow logging in with no password subsequent to the > registration.
Right, it looks like login will allow no password if password length is enforced only by CRYPT (it actually overrides the CRYPT min_length attribute). I don't think it will override IS_STRONG or IS_LENGTH, though. > Adding the requires.insert(0,IS_LENGTH(minsize=5)) has no effect. I'm not able to unpack/install the app you attached (seems to be corrupted), but when I insert IS_LENGTH in my own test app as you have above, it works fine. Would have to see your code to figure out what's wrong. Anthony --
