Users with 'administer users' permission skip password validation when registering users, but not when editing users. I don't see a reason for this inconsistency. If a site is enforcing a minimum password length, this should be checked both when editing and creating users. At the very least, something like the attached patch should be done.
|logintoboggan-password_validation_consistency.patch||933 bytes||Matthew Davidson|