U2 Fan

Which begs the question... Why can I register a new account on my forums with exactly that password (which is only 5 characters long)? Why can a new member, in fact, register an account with as few as 3 characters as a password?... I realise that new (or existing) members don't get access to your ACP unless you give it to them... but that's exactly what I'm about to do with two of my existing members (albeit restricted access). How can I be sure that they're using secure passwords without actually having to check up on them first? Surely the IPB registration form can be changed/enhanced to force all new members to choose much more secure passwords in the first place? I mean, there are countless websites (like banks) that include something like, "Your password must be at least 7 characters long and include at least 3 letters and 3 numbers"... (or whatever it is). Yet Invision considers 3 characters to be a strong password?

I couldn't agree more! Every time I read a post from someone requesting impovements to the User-Group Permissions (including the ability to assign different features to different user groups), I point them to this thread that I posted almost two years ago. I've been anxiously awaiting a reply from IPB on this subject, so I'll keep referring back to my original post again and again and again.....