Description
Summary
Argo CD requires that username/password credentials, such as those for the default administrator account, be set via kubectl. That account can then be logged into later with the CLI or the Web UI. However, because of how password resets are handled, there are no password complexity requirements.
If a user selects a password that is weak by today's standards, an attacker may be able to gain access to their account. This would be easily preventable if password setting/resetting were implemented first-party.
Motivation
Please give examples of your use case, e.g. when would you use this.
Proposal
Implement first-party password setting functionality that enforces reasonable password complexity requirements.
How do you think this should be implemented?
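One way the complexity check behind such a first-party password-setting feature could look, as an added example in Go (Argo CD's own language) that is not Argo CD code and not part of the original issue. The `Policy` type, its default thresholds, the small deny list and the rule wording are all assumptions chosen for illustration. The block covers only the validation step; hashing the accepted password (Argo CD stores the admin password as a bcrypt hash in the `argocd-secret` Secret) and writing it back are out of scope here.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// Policy holds the complexity rules. The thresholds and deny list below are
// assumptions for this example, not a policy Argo CD ships.
type Policy struct {
	MinLength  int                 // minimum length in runes
	MinClasses int                 // of: lower, upper, digit, other
	MaxRun     int                 // longest allowed run of one repeated rune
	Denylist   map[string]struct{} // lower-cased banned passwords
}

// DefaultPolicy returns a hypothetical baseline policy.
func DefaultPolicy() Policy {
	deny := map[string]struct{}{}
	for _, w := range []string{"password", "password1", "admin", "argocd", "123456", "qwerty", "letmein"} {
		deny[w] = struct{}{}
	}
	return Policy{MinLength: 12, MinClasses: 3, MaxRun: 3, Denylist: deny}
}

// Validate returns every rule the candidate password violates; an empty
// slice means the password is acceptable under p. The account name is
// rejected as a substring so that, for example, "admin" cannot be embedded
// in the admin password.
func (p Policy) Validate(username, password string) []string {
	var violations []string
	runes := []rune(password)

	if len(runes) < p.MinLength {
		violations = append(violations, fmt.Sprintf("shorter than %d characters", p.MinLength))
	}

	// Count distinct character classes present.
	var lower, upper, digit, other bool
	for _, r := range runes {
		switch {
		case unicode.IsLower(r):
			lower = true
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		default:
			other = true
		}
	}
	classes := 0
	for _, present := range []bool{lower, upper, digit, other} {
		if present {
			classes++
		}
	}
	if classes < p.MinClasses {
		violations = append(violations, fmt.Sprintf("uses %d character classes, need %d", classes, p.MinClasses))
	}

	if _, banned := p.Denylist[strings.ToLower(password)]; banned {
		violations = append(violations, "is on the deny list of common passwords")
	}

	if username != "" && strings.Contains(strings.ToLower(password), strings.ToLower(username)) {
		violations = append(violations, "contains the account name")
	}

	// Reject long runs of one repeated character (e.g. "aaaaaaaaaaaa").
	run := 0
	var prev rune
	for i, r := range runes {
		if i > 0 && r == prev {
			run++
		} else {
			run = 1
		}
		prev = r
		if run > p.MaxRun {
			violations = append(violations, fmt.Sprintf("repeats %q more than %d times in a row", r, p.MaxRun))
			break
		}
	}
	return violations
}

func main() {
	p := DefaultPolicy()
	// Constructed sample candidates for the "admin" account.
	for _, candidate := range []string{"password", "Admin2024!!", "Tr0ub4dor&3xample!"} {
		if v := p.Validate("admin", candidate); len(v) == 0 {
			fmt.Printf("%q: accepted\n", candidate)
		} else {
			fmt.Printf("%q: rejected: %s\n", candidate, strings.Join(v, "; "))
		}
	}
}
```

Returning the full list of violations rather than the first one lets a CLI or Web UI tell the user everything that is wrong in a single round trip; a server-side caller would run the same check before hashing and storing the new value.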