minimum password length #1283

Open
ghost opened this issue Nov 4, 2023 · 3 comments


ghost commented Nov 4, 2023

It's incredibly annoying when locally hosted programs ask you to set a password and have minimum requirements, especially when it can only be accessed on my home network.

Remove minimum password length requirements. I would like to set a 4-character PIN code, and I really don't see any reason to have these requirements in place. Instead of strict requirements, there could be a clearly visible warning.

Contributor

Omeryl commented Nov 4, 2023

I'm going to put a hard disagree on this one. Not everyone runs their stuff locally (and I'd argue most people are not on this project), and it should not allow those to lessen their security posture without their own tinkering to do so. If you really want to do that, build your own binaries.

Member

nepcore commented Nov 4, 2023

A lot of people run PufferPanel in some public-facing capacity, for example to have easy access to their game server at home, and then may even let their friends access that.
Arguing that a user installing PufferPanel should be technically versed enough to understand the impact of bad passwords is a stance I can understand, but from experience I have to say it is sadly just not true, and we need to also consider that some people set up PufferPanel to give other, less tech-savvy users access to things like server consoles, configs, etc.
Given that, to me it is entirely insane and completely failing to consider the effects of our choices if we were to allow bad passwords by default. Warning boxes don't help either; especially those users that need to have those safeguards are surprisingly good at not even reading them.
I'd suggest taking a look at getting some (free) password manager with decent browser integration (self-hosted or otherwise) so you can just store a password fulfilling the requirement in there and let the password manager autofill it with one quick hotkey or button press.
What I could potentially see at some point in the future is the idea of customizable password policies. That would allow the default to stay where it is (and improve as time demands it), while user-specific scenarios like yours would need adjusting some configs rather than building from source to change a single integer. However, our to-do lists are too long for any promises, especially on features currently known to help exactly one person's use case.

Author

ghost commented Nov 4, 2023

I agree that we shouldn't put that kind of trust into every individual. So I've revised my request. Instead of removing the password requirements, a local PIN code could be a better idea. The qBittorrent web UI implements a similar feature, where people on the local machine or network can bypass the password, while people accessing the web UI from a remote machine must enter a password. I believe this is much safer and also more convenient.
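
The local-network bypass proposed in the last comment, sketched as an added example that is not part of the thread and is neither PufferPanel's nor qBittorrent's code. The subnet list, header list and the function name `MayBypassPassword` are assumptions; the point it shows is that the decision must rest on the direct TCP peer and be refused when the request arrived through a reverse proxy, which is how public-facing installs are commonly exposed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
)

// trustedNets is a hypothetical allow-list of subnets that may skip the password.
var trustedNets = []netip.Prefix{
	netip.MustParsePrefix("127.0.0.0/8"),
	netip.MustParsePrefix("::1/128"),
	netip.MustParsePrefix("192.168.1.0/24"), // constructed home LAN
}

// Headers a reverse proxy typically adds. If one is present, the TCP peer is
// the proxy (often 127.0.0.1), not the real client.
var forwardHeaders = []string{"X-Forwarded-For", "X-Real-IP", "Forwarded"}

// MayBypassPassword reports whether r came directly from a trusted subnet.
// It fails closed on any parse error. A proxy that adds no forwarding header
// still looks local, so the bypass must stay disabled behind such a proxy.
func MayBypassPassword(r *http.Request) bool {
	for _, h := range forwardHeaders {
		if r.Header.Get(h) != "" {
			return false
		}
	}
	ap, err := netip.ParseAddrPort(r.RemoteAddr)
	if err != nil {
		return false
	}
	addr := ap.Addr().Unmap() // treat ::ffff:192.168.1.5 as 192.168.1.5
	for _, p := range trustedNets {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed requests: a LAN client, and a remote client behind a local proxy.
	direct := &http.Request{RemoteAddr: "192.168.1.20:51000", Header: http.Header{}}
	proxied := &http.Request{RemoteAddr: "127.0.0.1:51000",
		Header: http.Header{"X-Forwarded-For": {"203.0.113.9"}}}
	fmt.Println(MayBypassPassword(direct), MayBypassPassword(proxied))
}
```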
