From cf4b16ed380c336a7eaec7e46bec03f7767e10ba Mon Sep 17 00:00:00 2001
From: Robbie Averill <robbie@silverstripe.com>
Date: Thu, 8 Nov 2018 13:23:53 +0200
Subject: [PATCH] FIX Move password complexity requirements into framework

---
 _config/passwords.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 _config/passwords.yml

diff --git a/_config/passwords.yml b/_config/passwords.yml
new file mode 100644
index 000000000..fc865200a
--- /dev/null
+++ b/_config/passwords.yml
@@ -0,0 +1,13 @@
+---
+Name: corepasswords
+---
+SilverStripe\Core\Injector\Injector:
+  SilverStripe\Security\PasswordValidator:
+    properties:
+      MinLength: 8
+      HistoricCount: 6
+
+# In the case someone uses `new PasswordValidator` instead of Injector, provide some safe defaults through config.
+SilverStripe\Security\PasswordValidator:
+  min_length: 8
+  historic_count: 6