Hi all,
ChirpStack currently does not prompt users to change default passwords after the initial setup, leaving many public instances vulnerable. Additionally, weak passwords, including single-character ones, are allowed, which may lead to compromising security.
So it would be good if:
- A password change is required upon first login.
- A strong password policy is enforced:
  - Minimum length: 8–12 characters.
  - Include uppercase, lowercase, numbers, and special characters.
These changes will enhance security and reduce risks. Thank you for considering this request.
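
The two requested behaviours, as an added Rust example that is not part of the original post and is not ChirpStack code: a policy check covering the length and character classes listed above, and a login path that withholds a normal session until a default password has been replaced. All type and function names are hypothetical, the 12-character minimum is an assumption taken from the upper end of the requested range, and the sample passwords are constructed.

```rust
// Added sketch, not ChirpStack code; every name here is hypothetical.
const MIN_LEN: usize = 12; // assumption: upper end of the 8-12 range requested

#[derive(Debug, PartialEq)]
pub enum Reject { WrongCurrent, SameAsCurrent, TooShort, NoUpper, NoLower, NoDigit, NoSpecial }

#[derive(Debug, PartialEq)]
pub enum Login { Denied, ChangeRequired, Ok }

pub struct User {
    pub password: String, // plaintext keeps the sketch short; a real service stores a salted hash
    pub must_change_password: bool, // set when the account is created with a default password
}

/// Length plus the four character classes listed in the request.
pub fn check_policy(pw: &str) -> Result<(), Reject> {
    if pw.chars().count() < MIN_LEN { return Err(Reject::TooShort); }
    if !pw.chars().any(char::is_uppercase) { return Err(Reject::NoUpper); }
    if !pw.chars().any(char::is_lowercase) { return Err(Reject::NoLower); }
    if !pw.chars().any(char::is_numeric) { return Err(Reject::NoDigit); }
    if !pw.chars().any(|c| !c.is_alphanumeric() && !c.is_whitespace()) { return Err(Reject::NoSpecial); }
    Ok(())
}

/// Correct credentials are not enough while the flag is set: the caller must
/// withhold a session and route the user to the change-password step.
pub fn login(user: &User, pw: &str) -> Login {
    if user.password != pw { return Login::Denied; }
    if user.must_change_password { Login::ChangeRequired } else { Login::Ok }
}

pub fn change_password(user: &mut User, current: &str, new: &str) -> Result<(), Reject> {
    if user.password != current { return Err(Reject::WrongCurrent); }
    if new == current { return Err(Reject::SameAsCurrent); } // the default cannot be kept
    check_policy(new)?;
    user.password = new.to_string();
    user.must_change_password = false; // cleared only after a compliant change
    Ok(())
}

fn main() {
    // Constructed sample account and passwords.
    let mut admin = User { password: "default-pw".into(), must_change_password: true };
    println!("{:?}", login(&admin, "default-pw"));
    println!("{:?}", change_password(&mut admin, "default-pw", "a"));
    println!("{:?}", change_password(&mut admin, "default-pw", "Gateway-Lab-2024!"));
    println!("{:?}", login(&admin, "Gateway-Lab-2024!"));
}
```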