
[WIP] Update password requirements for new account registration #84

Merged: danielcuthbert merged 3 commits into master from copilot/update-password-requirements, Nov 25, 2025

Conversation

Contributor

Copilot AI commented Nov 25, 2025

  • Analyze current password requirements implementation
  • Add zxcvbn library for password strength checking
  • Update signup.html template with modern password requirements
  • Improve UX with clear passphrase guidance
  • Update server-side password validation to support passphrases
  • Take screenshot of UI changes
  • Run code review
  • Address code review feedback
  • Run security checks

Changes Made

Frontend (signup.html)

  • Replaced outdated OWASP password strength test with zxcvbn for better password/passphrase strength analysis
  • Changed label from "Password" to "Password or Passphrase" for clarity
  • Added visual password strength meter with color-coded feedback (Very Weak → Very Strong)
  • Removed confusing checkboxes ("Is it a valid password?", "Is it a passphrase?")
  • Added clear, user-friendly tips for creating strong passwords
  • Added real-time password match indicator
  • Retained HIBP (Have I Been Pwned) breach check with improved UX (added timeout and caching)
  • Reduced minimum password length from 10 to 8 characters (modern best practice)
  • Added JavaScript constants for password length requirements for consistency

Backend (validators.py, settings.py)

  • Created ModernPasswordValidator supporting passphrases (8-128 chars)
  • Removed NumericPasswordValidator which enforced outdated character requirements
  • Updated AUTH_PASSWORD_VALIDATORS to use the new modern validator

Screenshot

New Registration Form

Original prompt

When you register a new account, it has outdated password requirements, and we should set the scene for modern authentication. It should allow passphrases and have a UX that isn't confusing. We should also use zxcvbn for password/phrase strength.


Co-authored-by: danielcuthbert <7882621+danielcuthbert@users.noreply.github.com>

<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
<script src="https://rawgit.com/nowsecure/owasp-password-strength-test/master/owasp-password-strength-test.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/zxcvbn/4.4.2/zxcvbn.js"></script>

Check warning (Code scanning / CodeQL): Inclusion of functionality from an untrusted source, severity Medium

Script loaded from content delivery network with no integrity check.
danielcuthbert marked this pull request as ready for review November 25, 2025 13:30
danielcuthbert merged commit 8dcbf65 into master Nov 25, 2025
6 checks passed
danielcuthbert deleted the copilot/update-password-requirements branch November 25, 2025 13:31
Copilot AI requested a review from danielcuthbert November 25, 2025 13:31