# Weak Password Policy

- ID: go-weak-password-policy
- Severity: MEDIUM
- CWE: Weak Password Requirements (CWE-521)
- Languages: Go

## Description

Password validation requires fewer than 8 characters.

## Remediation

Enforce minimum password length of 12+ characters with complexity requirements.

```go
func validatePassword(password string) error {
    if len(password) < 12 {
        return errors.New("password must be at least 12 characters")
    }
    // Add complexity checks: uppercase, lowercase, digit, special char
    return nil
}
```

Learn more: https://shoulder.dev/learn/go/cwe-521/weak-password-policy

## Related Rules

- **Weak Password Policy** [HIGH]: