Password requirements are too low
The minimum password length is 6, which should be increased, as 6-character passwords are not secure.
However, this is not a big issue in ProjectForum (as long as password hashes aren't leaked) since we lock accounts after a few failed attempts anyways.