Enforce 15-Character Minimum for Strong Passwords

✨ Feature Request: Enforce 15-Character Minimum for Strong Passwords

Problem Statement

When Strong password enforcement is enabled, Pelcro currently enforces a hardcoded minimum password length of 8 characters. This does not meet current security standards such as NIST SP 800-63B Rev. 4 and OWASP ASVS v5.0, which mandate or strongly recommend a minimum of 15 characters for single-factor authentication.

 

User Story

As a Pelcro site owner or security administrator,

I want strong password enforcement to require a minimum of 15 characters,

so that new user passwords comply with modern security standards without custom development.

 

Proposed Change

  1. Update the existing Strong password enforcement feature to enforce:

     - Minimum password length: 15 characters

     - Maximum password length: 64 characters (passphrase support)

  2. Apply enforcement consistently across:

     - Customer sign-up

     - Password reset

     - Password change flows

 

Definition of Done (DoD)

  1. Strong password enforcement enforces a 15-character minimum for passwords

  2. Maximum supported password length is 64 characters

  3. Enforcement applies only to newly created or updated passwords

  4. Existing passwords are not invalidated or forced to reset

  5. Validation is enforced at API, UI, and SDK levels

  6. Clear validation errors are returned when requirements are not met

  7. Automated tests are updated or added

  8. Security documentation is updated accordingly

Status: Planned

Board: 💡 Pelcro Product

ETA: Mar 16, 2026

Date: 6 days ago

Author: Rana Haleem
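A sketch of the length rule from the Proposed Change and Definition of Done above, as an added example that is not part of the original request and not Pelcro's code. The function names, flow names, and error codes are hypothetical, and counting Unicode code points after NFKC normalization is an assumption drawn from NIST SP 800-63B guidance rather than from the request.

```javascript
// Added example: all names here are hypothetical, not Pelcro's API.
const MIN_LENGTH = 15; // minimum from the request
const MAX_LENGTH = 64; // maximum from the request

// Flows that create or update a password (listed in the request).
const ENFORCED_FLOWS = new Set(["signup", "password_reset", "password_change"]);

// Assumption: length is counted in Unicode code points after NFKC
// normalization, so "e" + combining accent and precomposed "é" count the
// same, and a single-code-point emoji counts as 1, not 2 UTF-16 units.
function passwordLength(password) {
  return Array.from(password.normalize("NFKC")).length;
}

// Returns { ok, enforced, length, errors } so the API, UI and SDK layers
// can share one rule and surface the same machine-readable error codes.
function validateNewPassword(password, flow) {
  // Flows such as "login" only verify an existing password; they do not
  // re-validate it, so existing short passwords keep working.
  if (!ENFORCED_FLOWS.has(flow)) {
    return { ok: true, enforced: false, length: null, errors: [] };
  }
  if (typeof password !== "string") {
    return {
      ok: false, enforced: true, length: null,
      errors: [{ code: "password_invalid_type", message: "Password must be a string." }],
    };
  }
  const length = passwordLength(password);
  const errors = [];
  if (length < MIN_LENGTH) {
    errors.push({
      code: "password_too_short",
      message: `Password must be at least ${MIN_LENGTH} characters (got ${length}).`,
    });
  }
  if (length > MAX_LENGTH) {
    errors.push({
      code: "password_too_long",
      message: `Password must be at most ${MAX_LENGTH} characters (got ${length}).`,
    });
  }
  return { ok: errors.length === 0, enforced: true, length, errors };
}
```

Rejecting over-length input outright, rather than silently truncating it, keeps the password a user types at sign-up identical to the one checked at login.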
