* Statements:
* - MinimalPasswordLength - minimum length a user can set
* - MinimumPasswordLengthToLogin - passwords shorter than this will
- * not be allowed to login, regardless if it is correct.
+ * not be allowed to login, or offered a chance to reset their password
+ * as part of the login workflow, regardless if it is correct.
* - MaximalPasswordLength - maximum length password a user is allowed
* to attempt. Prevents DoS attacks with pbkdf2.
* - PasswordCannotMatchUsername - Password cannot match username to
}
/**
- * Check password is longer than minimum, fatal
+ * Check password is longer than minimum, fatal.
+ * Intended for locking out users with passwords too short to trust, requiring them
+ * to recover their account by some other means.
* @param int $policyVal minimal length
* @param User $user
* @param string $password