Comment 3 for bug 1667222

Yup, you're right. I could swear I was unlocking it.

Ok, so after following the steps I can confirm that setting a new password for the user after it has been set to not require a password to log in, does indeed keep the user in the nopasswd group, and so even though you have set a new password for the user you do not need to use it to log in.

However - I'm not sure if this is a bug or a feature.

My rationale is that setting a password for the user could be considered orthogonal to actually requiring that user to *use* the password in order to log in, as opposed to say, unlocking the user panel in settings.

I will speak to the team and see what people think.