password is too complex for younger people

Bug #547469 reported by Peter Sereinigg
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Mahara | Fix Released | Wishlist | Melissa Draper |

Bug Description

Please add a possibility to define how a password should look. For younger people, this complex password you force here is too difficult to use!

Chris Walsh (fitzwalsh) wrote :

Yes - we need to have flexibility to define our own password needs. Also - Mahara's default password requirements are different than Moodle's, so even with SSO working, Mahara asks the user to create a unique/longer password on first login. This is very awkward.

Nigel-catalyst (nigel-catalyst) wrote :

Do you happen to know Moodle's requirement, off the top of your head?

Not sure of the easiest way to fix this, as the password validation is a great big regex provided by an API method, and in theory admins might want to choose whether users had to use weaker/stronger passwords. I'm sure it's not that much work though.

Nigel-catalyst (nigel-catalyst) wrote :

This is worth fixing, I'd be tempted to reduce it to 5 characters, 0 numbers for now.

François Marier (fmarier) wrote :

I agree with Nigel and others on this. Let's stop pretending that password policies make people use good passwords.

Changed in mahara:
milestone: none → 1.5.0
tags: added: password
Melissa Draper (melissa) wrote :

http://xkcd.com/936/ :D

In all seriousness, Mahara could help change/improve habits by suggesting what Randall describes. I propose that we don't merely reduce the minimum length and drop numbers requirements. I suggest that when we change the policy, we also offer alternative password guidelines in text alongside the password change fields.

François Marier (fmarier) wrote :

I like these suggestions, but let's create a different bug for them.

This one is about removing the pointless restrictions.

Melissa Draper (melissa) wrote :
Changed in mahara:
status: Confirmed → In Progress
assignee: nobody → Melissa Draper (melissa)
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/655
Committed: http://gitorious.org/mahara/mahara/commit/466c7763c4817b2b51fe3356aee09b06f8035848
Submitter: Francois Marier (<email address hidden>)
Branch: master

commit 466c7763c4817b2b51fe3356aee09b06f8035848
Author: Melissa Draper <email address hidden>
Date: Thu Sep 8 17:10:16 2011 +1200

    Change password restrictions for young users (bug #547469)

    As demonstrated by http://xkcd.com/936/ the current password policy encourages
    passwords with low entropy. Young users especially struggle with the password
    policy. This patch drops the mandatory number & 2 letters rule.

    Change-Id: Ifb9f4a24f53ab86ddf52f69ca3e07611c41bec64
    Signed-off-by: Melissa Draper <email address hidden>
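The rule this commit drops, set beside a length-only policy, as an added example that is not Mahara's code or part of the patch. The minimum length of 6, the blocklist and every name below are assumptions; the page names only the "mandatory number & 2 letters" rule. It shows the composition rule accepting short predictable passwords while rejecting a long passphrase.

```python
from dataclasses import dataclass

# Constructed stand-in for a real list of commonly used passwords.
COMMON = frozenset({"password", "password1", "abc123", "qwerty1", "123456"})


@dataclass(frozen=True)
class PasswordPolicy:
    """Site-configurable policy, so admins can choose weaker or stronger rules."""
    min_length: int
    min_digits: int = 0
    min_letters: int = 0
    blocklist: frozenset = frozenset()


# The rule named in the commit message; min_length=6 is an assumption.
COMPOSITION = PasswordPolicy(min_length=6, min_digits=1, min_letters=2)
# Length-only rule plus a blocklist check. The blocklist is an assumption,
# not something the patch is stated to add.
RELAXED = PasswordPolicy(min_length=6, blocklist=COMMON)


def check(password, policy):
    """Return the reasons the password is rejected (empty list = accepted)."""
    problems = []
    if len(password) < policy.min_length:
        problems.append("too short")
    if sum(c.isdigit() for c in password) < policy.min_digits:
        problems.append("needs a number")
    if sum(c.isalpha() for c in password) < policy.min_letters:
        problems.append("needs more letters")
    if password.casefold() in policy.blocklist:
        problems.append("commonly used password")
    return problems


def compare(passwords):
    """Evaluate each password under both policies."""
    return {
        pw: {"composition": check(pw, COMPOSITION), "relaxed": check(pw, RELAXED)}
        for pw in passwords
    }


if __name__ == "__main__":
    samples = ["abc123", "password1", "correct horse battery staple"]
    for pw, result in compare(samples).items():
        print(repr(pw), result)
```
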

Changed in mahara:
status: In Progress → Fix Committed
tags: added: passwords
removed: mahara-eduforge-feature-request password
description: updated
tags: added: newfeature
Melissa Draper (melissa) wrote :

status: fixreleased

Melissa Draper (melissa) wrote :

 status fixreleased

Changed in mahara:
status: Fix Committed → Fix Released