mahara-contributors team mailing list archive

[Kristina Hoeppner <1625361@xxxxxxxxxxxxxxxxxx>]

I don't know if it was a design decision or not and can't remember if we
discussed it recently. It is handy when setting up test accounts for
sure. Sometimes site admins do create passwords on the spot for users
that those then don't change. That gets around the policy. And when
passwords are sent out, they are best copied and pasted rather than
typed.

Adding a policy cfg would be a good option to still make testing easier
if we also require any accounts to have a stronger password.

** Changed in: mahara
    Milestone: 16.10.0 => None

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1625361

Title:
  Use password check on /admin/users/edit.php

Status in Mahara:
  Confirmed

Bug description:
  When you change your password on your personal account settings page
  or via the force password screen, it goes through a password checker
  to determine some basic security and length of the password.

  These checks are not performed on when changing the password on
  /admin/users/edit.php as admin.

  For example: I can enter the password "mahara" on that screen, but
  can't use it on /account/index.php because it's deemed too simple.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1625361/+subscriptions