From 0fb653d6e08fb99b1106089283799281af244b63 Mon Sep 17 00:00:00 2001 From: Marco Date: Fri, 24 Mar 2017 17:07:26 +0100 Subject: [PATCH] Add section 'Custom password requirements' to README --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index 92ba840..6e53b07 100644 --- a/README.md +++ b/README.md @@ -483,6 +483,32 @@ $uuid = \Delight\Auth\Auth::createUuid(); For detailed information on how to read and write session data conveniently, please refer to [the documentation of the session library](https://github.com/delight-im/PHP-Cookie#reading-and-writing-session-data), which is included by default. +### Custom password requirements + +Enforcing a minimum length for passwords is usually a good idea. Apart from that, you may want to look up whether a potential password is in some blacklist, which you could manage in a database or in a file, in order to prevent dictionary words or commonly used passwords from being used in your application. + +To allow for maximum flexibility and ease of use, this library has been designed so that it does *not* contain any further checks for password requirements itself, but instead allows you to wrap your own checks around the relevant calls to library methods. Example: + +```php +function isPasswordAllowed($password) { + if (strlen($password) < 8) { + return false; + } + + $blacklist = [ 'password1', '123456', 'qwerty' ]; + + if (in_array($password, $blacklist)) { + return false; + } + + return true; +} + +if (isPasswordAllowed($password)) { + $auth->register($email, $password); +} +``` + ## Exceptions This library throws two types of exceptions to indicate problems:
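
Review bot: In the `isPasswordAllowed()` example, the `strlen($password) < 8` check runs before the blacklist lookup, so the entries `'123456'` and `'qwerty'` can never match (both are shorter than 8 characters) and only `'password1'` is reachable; use sample entries of at least 8 characters so the example shows the blacklist doing real work. The lookup `in_array($password, $blacklist)` is a loose, case-sensitive comparison: pass `true` as the third argument for strict matching, and consider normalising case (for example with `strtolower`) before the lookup so that `Password1` is rejected as well. `strlen` counts bytes rather than characters, so a password containing multibyte characters can pass the length check with fewer than 8 characters; `mb_strlen` would match the stated intent of a minimum length. The text also says to wrap the checks around the "relevant calls", but the example shows only `$auth->register($email, $password);` and has no branch for a rejected password; a sentence noting that the same check belongs on every call that sets a password, plus an `else` that reports the rejection to the user, would complete the section.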