Comment on Require a (configurable) minimum password length for user accounts