1 files changed, 17 insertions, 0 deletions

diff --git a/plugins/UsersManager/UsersManager.php b/plugins/UsersManager/UsersManager.php
index 4f72e98775..a844aee258 100644
--- a/plugins/UsersManager/UsersManager.php
+++ b/plugins/UsersManager/UsersManager.php
@@ -12,6 +12,7 @@ use Exception;
 use Piwik\Access\Role\Admin;
 use Piwik\Access\Role\Write;
 use Piwik\API\Request;
+use Piwik\Auth\Password;
 use Piwik\Common;
 use Piwik\Option;
 use Piwik\Piwik;
@@ -197,11 +198,27 @@ class UsersManager extends \Piwik\Plugin
 
     public static function getPasswordHash($password)
     {
+        self::checkBasicPasswordStrength($password);
+
         // if change here, should also edit the installation process
         // to change how the root pwd is saved in the config file
         return md5($password);
     }
 
+    public static function checkBasicPasswordStrength($password)
+    {
+        $ex = new \Exception('This password is too weak, please supply another value or reset it.');
+
+        $numDistinctCharacters = strlen(count_chars($password, 3));
+        if ($numDistinctCharacters < 2) {
+            throw $ex;
+        }
+
+        if (strlen($password) < 6) {
+            throw $ex;
+        }
+    }
+
     /**
      * Checks the password hash length. Used as a sanity check.
      *