I got logged out and when I tried to log back in I found that none of my usual passes worked, so I reset it. The reset wanted a password that was a minimum of 10 characters long! Now I don’t know if this is something enforced by Discourse or not, but I think that length is a bit overkill for just a language forum. I personally feel that password strength requirements should always reflect the sensitivity of the information secured by them.
Maybe others feel more strongly about this but I think 6-8 min characters is better and if people really think the forum needs more security then maybe add in requirements on capitalization, numbers, and symbols.