As per a conversation in the gogits/gogs gitter room, the ability to set a minimum password length requirement for passwords would be a valuable security feature. Right now, the minimum password length seems to be a hardcoded... 1. Not great, by any means.

Some poking around in the codebase tells me that at some point, there was a hardcoded 6char password minimum, but this was removed.

I can't stop my users using obnoxiously weak passwords, but I'd like to be able to stop them using short passwords!