Consider increasing minimum password length

[rebeccacremona]

PCI Data Security Standards v4, which we are not yet required to comply with, requires that the passwords used to access particular systems be at least 12 chars long (8.3.6). We do not understand this requirement to apply to Perma or Perma Payments, since neither system has access to cardholder data. But, since this new clause has been specifically brought to our attention, we might consider setting the password min length to 12 anyway.